Re: [radext] #91: Citation for MD5 security Issues
#91: Citation for MD5 security Issues
Changes (by bernard_aboba@…):
* status: new => closed
* resolution: => fixed
Comment:
Proposed resolution is to change Section 3 to the following:
3. The Current State of RADIUS Security

RADIUS packets, as defined in [RFC2865], are protected by an MD5
message integrity check (MIC), within the Authenticator field of
RADIUS packets other than Access-Request [RFC2865] and Status-Server
[RFC5997]. The Message-Authenticator Attribute utilizes HMAC-MD5 to
authenticate and integrity protect RADIUS packets.

While RADIUS does not support confidentiality of entire packets,
various RADIUS attributes support encrypted (also known as "hidden")
values, including: User-Password (defined in [RFC2865] Section 5.2),
Tunnel-Password (defined in [RFC2868] Section 3.5), and various
Vendor-Specific Attributes, such as the MS-MPPE-Send-Key and MS-MPPE-
Recv-Key attributes (defined in [RFC2548] Section 2.4). Generally
speaking, the hiding mechanism uses a stream cipher based on a key
stream from an MD5 digest. Attacks against this mechanism are
described in [RFC3579] Section 4.3.4.

"Updated Security Considerations for the MD5 Message-Digest and the
HMAC-MD5 Algorithms" [RFC6151] discusses security considerations for
use of the MD5 and HMAC-MD5 algorithms. While the advances in MD5
collisions do not immediately compromise the use of MD5 or HMAC-MD5
for the purposes used within RADIUS absent knowledge of the RADIUS
shared secret, the progress toward compromise of MD5's basic
cryptographic assumptions has resulted in the deprecation of MD5
usage in a variety of applications. As noted in [RFC6151] Section 2:

   MD5 is no longer acceptable where collision resistance is required
   such as digital signatures. It is not urgent to stop using MD5 in
   other ways, such as HMAC-MD5; however, since MD5 must not be used
   for digital signatures, new protocol designs should not employ
   HMAC-MD5.
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: closed
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: Active WG Document | Resolution: fixed
Keywords: |
---------------------------------------+------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/91#comment:1>
radext <http://tools.ietf.org/radext/>
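The two MD5 uses named in the proposed Section 3, shown as an added example that is not part of the original message or of the draft: the User-Password hiding of [RFC2865] Section 5.2 and the Response Authenticator MIC of [RFC2865] Section 3. The shared secret, password and Request Authenticator values are constructed for illustration.

```python
import hashlib
import struct

BLOCK = 16  # MD5 digest size; hiding operates on 16-octet blocks


def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR the null-padded password with an MD5 key stream."""
    if not 1 <= len(password) <= 128 or len(request_auth) != BLOCK:
        raise ValueError("password must be 1..128 octets, authenticator 16 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out, prev = b"", request_auth
    for i in range(0, len(padded), BLOCK):
        # b_1 = MD5(S + RA); b_i = MD5(S + c_(i-1)) for later blocks
        key_block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], key_block))
        out += prev
    return out


def unhide_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: regenerate the same key stream and strip the null padding."""
    if not hidden or len(hidden) % BLOCK or len(request_auth) != BLOCK:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), BLOCK):
        key_block = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(block, key_block))
        prev = block
    return out.rstrip(b"\x00")


def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    req_auth = bytes(range(16))             # constructed; must be random in practice
    hidden = hide_user_password(b"correct horse battery", secret, req_auth)
    print(hidden.hex())
    print(unhide_user_password(hidden, secret, req_auth))
    print(response_authenticator(2, 7, b"", req_auth, secret).hex())
```

Both protections rest entirely on the shared secret: the key stream and the MIC are plain MD5 digests over secret-prefixed or secret-suffixed data, which is the dependency the proposed text calls out with "absent knowledge of the RADIUS shared secret".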