[Sip-security] Re: [Sipping] SIP authentication problem when using RES inDigest-AKA
Jari Arkko <Jari.Arkko@lmf.ericsson.se> Fri, 15 March 2002 08:53 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA23756 for <sip-security-archive@odin.ietf.org>; Fri, 15 Mar 2002 03:53:57 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id DAA28684 for sip-security-archive@odin.ietf.org; Fri, 15 Mar 2002 03:53:59 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id DAA28456; Fri, 15 Mar 2002 03:52:50 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id DAA28403 for <sip-security@optimus.ietf.org>; Fri, 15 Mar 2002 03:52:47 -0500 (EST)
Received: from penguin-ext.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.34]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA23716; Fri, 15 Mar 2002 03:52:44 -0500 (EST)
Received: from fogerty.lmf.ericsson.se (fogerty.lmf.ericsson.se [131.160.11.6]) by penguin.wise.edt.ericsson.se (8.11.0/8.11.0/WIREfire-1.3) with ESMTP id g2F8qJR15801; Fri, 15 Mar 2002 09:52:19 +0100 (MET)
Received: from lmf.ericsson.se (lmf4ws450.lmf.ericsson.se [131.160.38.50]) by fogerty.lmf.ericsson.se (8.12.1/8.12.1/lmf.8.12.1.jcs) with ESMTP id g2F8qHUD006783; Fri, 15 Mar 2002 10:52:17 +0200 (EET)
Message-ID: <3C91B641.6FC4660F@lmf.ericsson.se>
Date: Fri, 15 Mar 2002 10:52:17 +0200
From: Jari Arkko <Jari.Arkko@lmf.ericsson.se>
Organization: Oy L M Ericsson Ab
X-Mailer: Mozilla 4.77 [en] (X11; U; SunOS 5.6 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: Greg Rose <ggr@qualcomm.com>
CC: Jari Arkko <jarkko@piuha.net>, John W Noerenberg II <jwn2@qualcomm.com>, sipping@ietf.org, sip-security@ietf.org, aki.niemi@nokia.com, jari.arkko@ericsson.com, vesa.torvinen@lmf.ericsson.se, James Undery <jundery@ubiquity.net>, Sanjoy Sen <sanjoy@nortelnetworks.com>
References: <B8B673A9.9436%gparsons@nortelnetworks.com> <a0510151db8b6de3d1fb1@[129.46.77.186]> <4.3.1.2.20020315183342.02454340@127.0.0.1>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Subject: [Sip-security] Re: [Sipping] SIP authentication problem when using RES inDigest-AKA
Sender: sip-security-admin@ietf.org
Errors-To: sip-security-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Security Issues for the SIP protocol <sip-security.ietf.org>
X-BeenThere: sip-security@ietf.org
Content-Transfer-Encoding: 7bit
Greg Rose wrote: > > At 08:16 AM 3/15/2002 +0200, Jari Arkko wrote: > >Thanks for an interesting describing this interesting attack! I believe > >while making draft-niemi the authors have been assuming that we do not > >use the GSM compatibility mode (which I believe is the reason why the RES > >could be only 32 bits). That is, when full AKA is used this isn't a problem. > > Regrettably, this is not correct. RES could be as little as 32 bits *even > in full AKA*. Yes, but don't we have the choice of *requiring* that in order to use AKA in Digest, you have to provide 128 bits? Is there a particular reason why less than 128 bits would have to be produced. In particular, as the draft is currently written, we do not transport the RES over the air, so its length is not an efficiency issue. [By the way Vesa: it does not help extending a short user password, because in the end there's not enough original bits.] Jari _______________________________________________ Sip-security mailing list Sip-security@ietf.org https://www1.ietf.org/mailman/listinfo/sip-security
- [Sip-security] SIP authentication problem when us… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] [Sipping] RE: SIP authentication p… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… James Undery
- [Sip-security] Re: [Sipping] Re: SIP authenticati… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… John W Noerenberg II
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko