Re: Issue with SIP - Need for Message-Authenticator
From what I understand, having an easy way to generate collisions does
not mean that it will be easy to create valid RADIUS packets that result
in the collision hash. Also, it's not been proved that cryptanalysis
will help reverse engineer the cleartext from the hash.

Barney Wolff wrote:
> On Thu, Aug 26, 2004 at 10:00:55AM -0700, Joseph Salowey wrote:
>> Note that Message-Authenticator is based on HMAC-MD5. Recent
>> research has demonstrated collisions in MD5 (though not in
>> HMAC-MD5), so that it may make sense to define a new
>> attribute that uses a more highly regarded algorithm, such as
>> defines an attribute that can SHA for message authentication.
>
> As I read the chatter on the crypto list, it's premature to assume that
> SHA-1 will survive better than MD5, although it probably will. Arguments
> have been made that HMAC-MD5 will not fall to MD5 attacks. I'd suggest
> waiting at least a couple of weeks for the smoke to clear before acting.
>
> We do know that the RADIUS Authenticator has long been considered inferior
> to HMAC-MD5, and the recent issues may seal its fate. It's therefore
> prudent to consider how to react when, or before, the authenticator is
> broken. Certainly boxes that have sufficient cpu and codespace can use
> IPsec, as has already been suggested. What, if anything, to do for/with
> boxes that cannot run IPsec is an open question.