[radext] #86: MD5 Stream Cipher Weaknesses
Section 3 states:

   RADIUS packets, as defined in [RFC2865], are protected by an MD5
   message integrity check (MIC), within the Authenticator field of
   RADIUS packets other than Access-Request. The Message-Authenticator
   Attribute utilizes HMAC-MD5 to authenticate and integrity protect
   RADIUS packets. Various RADIUS attributes support encrypted
   (also known as "hidden") values, including: User-Password,
   Tunnel-Password, and various Vendor-Specific Attributes. Generally
   speaking, the hiding mechanism uses a stream cipher based on a key
   stream from an MD5 digest.
   Recent work on MD5 collisions does not immediately compromise any of
   these methods, absent knowledge of the RADIUS shared secret.
   However, the progress toward compromise of MD5's basic cryptographic
   assumptions has resulted in the deprecation of MD5 usage in a variety
   of applications.

The weaknesses of MD5 stream ciphers are independent of MD5 collision
issues, and therefore it is not accurate to state that there is no
compromise absent knowledge of the shared secret. For example, were the
RADIUS authenticator to repeat, a known plaintext attack on hidden
attributes such as User-Password is possible.
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: new
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: Active WG Document | Keywords:
---------------------------------------+------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/86>
radext <http://tools.ietf.org/radext/>
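
Added example, not part of the original ticket or the draft: a Python sketch of the RFC 2865 User-Password hiding that shows why a repeated Request Authenticator matters (the first key stream block depends only on the shared secret and the authenticator), together with a check that flags repeats in a capture. The shared secret, authenticators, passwords and client addresses are constructed sample values, and `repeated_authenticators` and `first_block_leaks` are hypothetical helper names.

```python
import hashlib
from collections import Counter

def hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """User-Password hiding as specified in RFC 2865, section 5.2."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1..128 octet password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # b_i = MD5(S + c_(i-1)), with c_0 = Request Authenticator
        block_key = hashlib.md5(secret + prev).digest()
        prev = xor(padded[i:i + 16], block_key)
        hidden += prev
    return hidden

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def repeated_authenticators(requests):
    """Hypothetical audit helper: (client, authenticator) pairs seen more than once."""
    counts = Counter((client, auth) for client, auth, _hidden in requests)
    return {pair: n for pair, n in counts.items() if n > 1}

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
RA_1, RA_2 = bytes(range(16)), bytes(range(16, 32))
PW_A, PW_B = b"known-password-A", b"other-password-B"

def first_block_leaks(auth_a: bytes, auth_b: bytes) -> bool:
    """True when XOR of the two hidden values equals XOR of the plaintexts."""
    c_a = hide_password(SECRET, auth_a, PW_A)
    c_b = hide_password(SECRET, auth_b, PW_B)
    return xor(c_a, c_b) == xor(PW_A, PW_B)

if __name__ == "__main__":
    print("same authenticator :", first_block_leaks(RA_1, RA_1))   # key stream cancels
    print("fresh authenticator:", first_block_leaks(RA_1, RA_2))
    capture = [("192.0.2.10", RA_1, hide_password(SECRET, RA_1, PW_A)),
               ("192.0.2.10", RA_1, hide_password(SECRET, RA_1, PW_B)),
               ("192.0.2.11", RA_2, hide_password(SECRET, RA_2, PW_A))]
    print(repeated_authenticators(capture))
```

The shared secret never enters the comparison in `first_block_leaks`, which is the ticket's point: the exposure comes from key stream reuse, not from MD5 collisions.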