
Re: (radius) FWD: (mobile-ip) MD5 Key recovery attack



>>From: dpkemp@missi.ncsc.mil (David P. Kemp)
>>Message-Id: <199602121439.JAA02761@argon.ncsc.mil>
>>
>>There are (at least :-) two directions in which to look for solutions:
>>
>> 1) Internet Draft "draft-krawczyk-keyed-md5-01.txt" presents an
>>    analysis of the use of hash functions as Message Authenticators.
>>    It suggests using the construct:
>>
>>       Hash(Key, Pad2, Hash(Key, Pad1, Text))
>>
>>    in lieu of other structures such as Hash(Key, Text, Key).
>>    The Krawczyk MAC relies on significantly fewer assumptions about
>>    the properties of the hash algorithm than do other methods (which
>>    were apparently concocted without much in the way of security
>>    analysis).

In light of this work, are there any plans to update RFC1828?


Derrell Piper   | piper@tgv.com      | 408/457-5384
TGV, Inc.       | 101 Cooper Street  | Santa Cruz, CA 95060 USA
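
The nested construct quoted above, next to the Hash(Key, Text, Key) structure it is contrasted with, as an added example that is not part of the original message or of the draft. The pad bytes and the rule of filling the key's block with them are assumptions made here; hmac_md5 is the same nested shape in the form later standardized as HMAC in RFC 2104, where the key is XORed with the pads rather than concatenated.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 processes input in 64-byte blocks

def _fill(key: bytes, byte: int) -> bytes:
    # Assumed pad rule (not taken from the draft): constant bytes that
    # fill out the key's block, so Text / inner hash start on a block boundary.
    if len(key) >= BLOCK:
        raise ValueError("key must be shorter than one hash block")
    return bytes([byte]) * (BLOCK - len(key))

def nested_mac(key: bytes, text: bytes) -> bytes:
    """Hash(Key, Pad2, Hash(Key, Pad1, Text)) with constructed pad bytes."""
    inner = hashlib.md5(key + _fill(key, 0x36) + text).digest()
    return hashlib.md5(key + _fill(key, 0x5C) + inner).digest()

def envelope_mac(key: bytes, text: bytes) -> bytes:
    """Hash(Key, Text, Key), the structure the message contrasts it with."""
    return hashlib.md5(key + text + key).digest()

def hmac_md5(key: bytes, text: bytes) -> bytes:
    """RFC 2104 form of the nested construct: key XOR pad, not key || pad."""
    if len(key) > BLOCK:
        key = hashlib.md5(key).digest()   # over-long keys are hashed first
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + text).digest()
    return hashlib.md5(opad + inner).digest()

def verify(mac, key: bytes, text: bytes, tag: bytes) -> bool:
    # Constant-time comparison, so the check does not reveal how many
    # leading bytes of a wrong tag happened to match.
    return hmac.compare_digest(mac(key, text), tag)

if __name__ == "__main__":
    key = b"constructed-shared-secret"    # sample values, constructed
    packet = b"constructed packet body"
    tag = nested_mac(key, packet)
    print(tag.hex(), verify(nested_mac, key, packet, tag))
    print(verify(nested_mac, key, packet + b"x", tag))
    print(hmac_md5(key, packet) == hmac.new(key, packet, hashlib.md5).digest())
```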