IETF Logo Mail Archive

Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04

Alan DeKok <aland@deployingradius.com> Mon, 08 April 2013 19:44 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7A2721F8887 for <radext@ietfa.amsl.com>; Mon, 8 Apr 2013 12:44:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.299
X-Spam-Level:
X-Spam-Status: No, score=-102.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_21=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tCYUKSPsx+WQ for <radext@ietfa.amsl.com>; Mon, 8 Apr 2013 12:43:59 -0700 (PDT)
Received: from power.freeradius.org (power.freeradius.org [88.190.25.44]) by ietfa.amsl.com (Postfix) with ESMTP id 868EE21F8842 for <radext@ietf.org>; Mon, 8 Apr 2013 12:43:58 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by power.freeradius.org (Postfix) with ESMTP id 787AE22410BC; Mon, 8 Apr 2013 21:43:58 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at power.freeradius.org
Received: from power.freeradius.org ([127.0.0.1]) by localhost (power.freeradius.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cjiI1RZgBPZo; Mon, 8 Apr 2013 21:43:56 +0200 (CEST)
Received: from Thor-2.local (bas1-ottawa11-1176224750.dsl.bell.ca [70.27.195.238]) by power.freeradius.org (Postfix) with ESMTPSA id AEC902240742; Mon, 8 Apr 2013 21:43:55 +0200 (CEST)
Message-ID: <51631DF9.1080307@deployingradius.com>
Date: Mon, 08 Apr 2013 15:43:53 -0400
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Sam Hartman <hartmans@painless-security.com>
References: <1A5FDF7C-9E93-447E-A103-9700349CB2F5@gmail.com> <alpine.WNT.2.00.1304021450180.3988@SMURF> <515C3604.3040406@deployingradius.com> <alpine.WNT.2.00.1304042021411.3988@SMURF> <tslli8xnoms.fsf@mit.edu> <515ED047.3040200@deployingradius.com> <alpine.WNT.2.00.1304051020120.3988@SMURF> <5160255B.40409@deployingradius.com> <alpine.WNT.2.00.1304060913320.3988@SMURF> <5160B785.8070703@deployingradius.com> <tslppy5i2dm.fsf@mit.edu> <5162C651.2000200@deployingradius.com> <alpine.WNT.2.00.1304080801440.1952@littlesmurf> <tslppy5ghnf.fsf@mit.edu> <5162F9BA.7030500@deployingradius.com> <tsltxnhey5u.fsf@mit.edu> <0FFFD8DE-5337-4A4F-A844-F8F05297A25E@freeradius.org> <tslk3odexnp.fsf@mit.edu> <D2A88F51-F694-49E7-BB5C-30814A70208A@networkradius.com> <tsly5cset2j.fsf@mit.edu>
In-Reply-To: <tsly5cset2j.fsf@mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Arran Cudbard-Bell <a.cudbardb@networkradius.com>, radext@ietf.org
Subject: Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2013 19:44:00 -0000

Sam Hartman wrote:
> I don't know.  Enumerating through I think 96^11 md4s is apparently
> trivial given reasonably-priced hardware for cracking.  So probably $10k
> investment.  See recent discussions of hash cracking on GPUs.  However,
> md5 is a bit slower, and 11 is less than 16.

  http://www.insidepro.com/eng/egb.shtml

  Says that they can do about 500M hashes/s.  Let's assume that's true,
and is the best case.  This is even though other sites claim 100x that
cracking power.

  These numbers are for *password* cracking, which is a bit different
from cracking RADIUS packets.  So maybe RADIUS will be slower.

>  I think I'd say that I
> would be unsurprised if someone broke RADIUS secrets entirely, and would
> be entirely unsurprised if brute forcing the secrets anyone is actually
> using in practice was easy.

  I agree.  Let's say the MD5 cracking of RADIUS packets was 1% of the
above password cracking speed.  Even with that, brute-forcing all
alphanumerical passwords would take less than a year for one person.

  I have 94 individual characters available on my keyboard.  Let's say I
use them all for shared secrets, and that the cracking speed is 5M
attempts per second.  We have the following crack times, for each length
of shared secret:

4	16 seconds
5 	25 minutes
6	38 hours
7	150 days
8	37 years

  If you assume that the attacker can do 500M attempts per second, then
all shared secrets less than 8 characters long can be trivially broken.
 And it gets MUCH worse than that if people are less rigorous about
using a wide range of ASCII characters.

  Alan DeKok.

v2.45.0 | Report a Bug | By Email | System Status