Re: [saag] RADIUS is deprecating MD5

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 31 March 2024 10:50 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Alan DeKok <aland@deployingradius.com>, "saag@ietf.org" <saag@ietf.org>
Date: Sun, 31 Mar 2024 10:49:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/frfc5Pq3hkGzlsdNqsuGVu5GvNk>
List-Id: Security Area Advisory Group <saag.ietf.org>

Alan DeKok <aland@deployingradius.com> writes:

>We will be deprecating the use of RADIUS/UDP, in large part due to its
>reliance on MD5.  Everyone shipping RADIUS clients should take a serious look
>at moving to TLS immediately.

Maybe I'm missing something here but won't this break pretty much every RADIUS
implementation in existence, in particular stuff that's been around forever
and is unlikely to change?

Also since the cases I'm familiar with just use RADIUS as an extremely awkward
transport mechanism for EAP-xTLS, with user = "anonymous" and password = some
widely-known dummy value at the RADIUS level so there's no security there to
begin with, it seems like the draft should emphasise that this applies to raw
RADIUS, not RADIUS used purely as a transport mechanism for something else.

Also, just to be nitpicky:

>While MD5 has been broken, it is a testament to the design of RADIUS that
>there have been (as yet) no attacks on RADIUS Authenticator signatures which
>are stronger than brute-force.

I'd say that's more a testament to the fact that there's nothing there worth
attacking, meaning that there are far easier and more effective attacks
elsewhere.  Use it to secure BTC transactions or something similar and I'm
sure we'd see attacks turn up fairly quickly.  This is based on experience
with very weak DKIM signing keys, which were breakable without too much effort
but where no-one ever bothered because they weren't protecting anything of
value that wasn't attackable through easier means.

Peter.
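
For reference, the two MD5-based integrity checks this thread is about, as an added example that is not part of either poster's message: the RFC 2865 Response Authenticator and the RFC 3579 Message-Authenticator that accompanies EAP-Message. The helper names and the rejection policy for a missing Message-Authenticator are assumptions of this sketch; any secrets or packet values fed to it are constructed.

```python
import hashlib, hmac, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2          # packet codes (RFC 2865)
USER_NAME, MESSAGE_AUTHENTICATOR = 1, 80      # attribute types

def attr(atype, value):
    # Attribute: Type (1) | Length (1, counts the 2-byte header) | Value
    return struct.pack("!BB", atype, len(value) + 2) + value

def packet(code, ident, authenticator, attrs):
    # Header: Code (1) | Identifier (1) | Length (2) | Authenticator (16)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def build_request(ident, request_auth, user, secret):
    # RFC 3579 Message-Authenticator: HMAC-MD5 over the whole packet, keyed with
    # the shared secret, computed while the attribute's 16-byte value is zero.
    attrs = attr(USER_NAME, user) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    mac = hmac.new(secret, packet(ACCESS_REQUEST, ident, request_auth, attrs), hashlib.md5).digest()
    return packet(ACCESS_REQUEST, ident, request_auth, attrs[:-16] + mac)

def verify_request(request, secret):
    # Walk the attributes, zero the Message-Authenticator value, recompute.
    if len(request) < 20 or struct.unpack("!H", request[2:4])[0] != len(request):
        return False
    pos = 20
    while pos + 2 <= len(request):
        atype, alen = request[pos], request[pos + 1]
        if alen < 2 or pos + alen > len(request):
            return False                       # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            zeroed = request[:pos + 2] + bytes(16) + request[pos + 18:]
            mac = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(mac, request[pos + 2:pos + 18])
        pos += alen
    return False                               # this sketch rejects packets without it

def build_response(code, ident, request_auth, attrs, secret):
    # RFC 2865 Response Authenticator:
    # MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)
    digest = hashlib.md5(packet(code, ident, request_auth, attrs) + secret).digest()
    return packet(code, ident, digest, attrs)

def verify_response(response, request_auth, secret):
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

Both checks depend only on MD5 and the shared secret, so a packet carrying user = "anonymous" still has its header and attributes covered by them even when the credentials themselves are dummies.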