[Sip-security] Re: [Sipping] SIP authentication problem when using RES in Digest-AKA

Jari Arkko <Jari.Arkko@lmf.ericsson.se> Fri, 15 March 2002 08:53 UTC

Message-ID: <3C91B641.6FC4660F@lmf.ericsson.se>
Date: Fri, 15 Mar 2002 10:52:17 +0200
From: Jari Arkko <Jari.Arkko@lmf.ericsson.se>
Organization: Oy L M Ericsson Ab
To: Greg Rose <ggr@qualcomm.com>
CC: Jari Arkko <jarkko@piuha.net>, John W Noerenberg II <jwn2@qualcomm.com>, sipping@ietf.org, sip-security@ietf.org, aki.niemi@nokia.com, jari.arkko@ericsson.com, vesa.torvinen@lmf.ericsson.se, James Undery <jundery@ubiquity.net>, Sanjoy Sen <sanjoy@nortelnetworks.com>
References: <B8B673A9.9436%gparsons@nortelnetworks.com> <a0510151db8b6de3d1fb1@[129.46.77.186]> <4.3.1.2.20020315183342.02454340@127.0.0.1>

Greg Rose wrote:
> 
> At 08:16 AM 3/15/2002 +0200, Jari Arkko wrote:
> >Thanks for describing this interesting attack! I believe
> >while making draft-niemi the authors have been assuming that we do not
> >use the GSM compatibility mode (which I believe is the reason why the RES
> >could be only 32 bits). That is, when full AKA is used this isn't a problem.
> 
> Regrettably, this is not correct. RES could be as little as 32 bits *even
> in full AKA*.

Yes, but don't we have the choice of *requiring* that
in order to use AKA in Digest, you have to provide
128 bits? Is there a particular reason why less than
128 bits would have to be produced? In particular, as
the draft is currently written, we do not transport the
RES over the air, so its length is not an efficiency issue.

[By the way Vesa: it does not help to extend a short user
password, because in the end there are not enough original
bits.]
 
Jari
