Re: [radext] #86: MD5 Stream Cipher Weaknesses
"radext issue tracker" <trac+radext@zinfandel.tools.ietf.org> Sat, 12 March 2011 22:25 UTC
Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2716A3A68F3 for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Sat, 12 Mar 2011 14:25:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5WuYDmY4NHhv for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Sat, 12 Mar 2011 14:25:00 -0800 (PST)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 7B14F3A690A for <radext-archive-IeZ9sae2@lists.ietf.org>; Sat, 12 Mar 2011 14:25:00 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.73 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1PyXBx-0006Na-75 for radiusext-data0@psg.com; Sat, 12 Mar 2011 22:21:45 +0000
Received: from zinfandel.tools.ietf.org ([2001:1890:1112:1::2a]) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.73 (FreeBSD)) (envelope-from <trac+radext@trac.tools.ietf.org>) id 1PyXBt-0006NI-G0 for radiusext@ops.ietf.org; Sat, 12 Mar 2011 22:21:41 +0000
Received: from localhost ([::1] helo=zinfandel.tools.ietf.org) by zinfandel.tools.ietf.org with esmtp (Exim 4.74) (envelope-from <trac+radext@trac.tools.ietf.org>) id 1PyXBo-0008GY-2P; Sat, 12 Mar 2011 14:21:36 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: radext issue tracker <trac+radext@zinfandel.tools.ietf.org>
X-Trac-Version: 0.11.7
Cc: radiusext@ops.ietf.org
Auto-Submitted: auto-generated
X-Mailer: Trac 0.11.7, by Edgewall Software
To: bernard_aboba@hotmail.com
X-Trac-Project: radext
Date: Sat, 12 Mar 2011 22:21:36 -0000
Reply-To: radiusext@ops.ietf.org
X-URL: http://tools.ietf.org/radext/
Subject: Re: [radext] #86: MD5 Stream Cipher Weaknesses
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/radext/trac/ticket/86#comment:1
Message-ID: <075.b7696d14718211b99253c6b6fcbd5940@trac.tools.ietf.org>
References: <066.62285455ad08292c0ca0af89a211ff48@trac.tools.ietf.org>
X-Trac-Ticket-ID: 86
In-Reply-To: <066.62285455ad08292c0ca0af89a211ff48@trac.tools.ietf.org>
X-SA-Exim-Connect-IP: ::1
X-SA-Exim-Rcpt-To: bernard_aboba@hotmail.com, radiusext@ops.ietf.org
X-SA-Exim-Mail-From: trac+radext@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on zinfandel.tools.ietf.org); SAEximRunCond expanded to false
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
List-ID: <radiusext.ops.ietf.org>
#86: MD5 Stream Cipher Weaknesses
Changes (by bernard_aboba@…):
* status: new => closed
* resolution: => fixed
Comment:
Note that the Access-Request isn't the only RADIUS packet not protected by
a MIC in the Authenticator field; Status-Server also isn't protected that
way.
The proposed resolution is to change Section 3 to the following:
3. The Current State of RADIUS Security
RADIUS packets, as defined in [RFC2865], are protected by an MD5
message integrity check (MIC), within the Authenticator field of
RADIUS packets other than Access-Request [RFC2865] and Status-Server
[RFC5997]. The Message-Authenticator Attribute utilizes HMAC-MD5 to
authenticate and integrity protect RADIUS packets.
While RADIUS does not support confidentiality of entire packets,
various RADIUS attributes support encrypted (also known as "hidden")
values, including: User-Password [RFC2865, section 5.2], Tunnel-
Password [RFC2868, section 3.5], and various Vendor-Specific
Attributes, such as the MS-MPPE-Send-Key and MS-MPPE-Recv-Key
attributes defined in [RFC2548, section 2.4]. Generally speaking,
the hiding mechanism uses a stream cipher based on a key stream from
an MD5 digest. Attacks against this mechanism are described in
[RFC3579] Section 4.3.4.
Recent work on MD5 collisions does not immediately compromise these
functions absent knowledge of the RADIUS shared secret. However, the
progress toward compromise of MD5's basic cryptographic assumptions
has resulted in the deprecation of MD5 usage in a variety of
applications.
Add the following references to Section 8:
[RFC2548] Zorn, G., "Microsoft Vendor-specific RADIUS Attributes", RFC
2548, March 1999.
[RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M.
and I. Goyret, "RADIUS Attributes for Tunnel Protocol
Support", RFC 2868, June 2000.
[RFC5997] DeKok, A., "Use of Status-Server Packets in the Remote
Authentication Dialin User Service (RADIUS) Protocol", RFC
5997, August 2011.
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: closed
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version: 1.0
Severity: Active WG Document | Resolution: fixed
Keywords: |
---------------------------------------+------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/86#comment:1>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
- [radext] #86: MD5 Stream Cipher Weaknesses radext issue tracker
- Re: [radext] #86: MD5 Stream Cipher Weaknesses radext issue tracker