Re: (radius) FWD: (mobile-ip) MD5 Key recovery attack
>>From: dpkemp@missi.ncsc.mil (David P. Kemp)
>>Message-Id: <199602121439.JAA02761@argon.ncsc.mil>
>>
>>There are (at least :-) two directions in which to look for solutions:
>>
>> 1) Internet Draft "draft-krawczyk-keyed-md5-01.txt" presents an
>> analysis of the use of hash functions as Message Authenticators.
>> It suggests using the construct:
>>
>> Hash(Key, Pad2, Hash(Key, Pad1, Text))
>>
>> in lieu of other structures such as Hash(Key, Text, Key).
>> The Krawczyk MAC relies on significantly fewer assumptions about
>> the properties of the hash algorithm than do other methods (which
>> were apparently concocted without much in the way of security
>> analysis).
In light of this work, are there any plans to update RFC1828?
Derrell Piper | piper@tgv.com | 408/457-5384
TGV, Inc. | 101 Cooper Street | Santa Cruz, CA 95060 USA
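
The nested construct quoted above, next to the Hash(Key, Text, Key) form it is contrasted with, as an added example that is not part of the original message or of the cited draft. The pad contents (filling the key out to one 64-byte MD5 block with the bytes 0x36 and 0x5C) and all function names are assumptions, since the message does not define Pad1 or Pad2; Python's standard `hmac` module (HMAC, RFC 2104) is included as a nested keyed hash of the same shape.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 input block size in bytes


def _pad(key: bytes, fill: int) -> bytes:
    # Assumption: the pad fills the key out to one full MD5 block, so the
    # data that follows starts on a block boundary. Fill bytes are assumed.
    if len(key) > BLOCK:
        raise ValueError("key longer than one MD5 block")
    return bytes([fill]) * (BLOCK - len(key))


def envelope_mac(key: bytes, text: bytes) -> bytes:
    """Hash(Key, Text, Key), the structure the message contrasts against."""
    return hashlib.md5(key + text + key).digest()


def nested_mac(key: bytes, text: bytes) -> bytes:
    """Hash(Key, Pad2, Hash(Key, Pad1, Text))."""
    inner = hashlib.md5(key + _pad(key, 0x36) + text).digest()
    # The outer hash sees only the key, a pad and a fixed 16-byte digest,
    # never the variable-length text.
    return hashlib.md5(key + _pad(key, 0x5C) + inner).digest()


def rfc2104_mac(key: bytes, text: bytes) -> bytes:
    """HMAC-MD5 from the standard library, same nested shape."""
    return hmac.new(key, text, hashlib.md5).digest()


def verify(mac_fn, key: bytes, text: bytes, tag: bytes) -> bool:
    # Constant-time comparison so the check does not leak how many
    # leading bytes of the tag matched.
    return hmac.compare_digest(mac_fn(key, text), tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"        # constructed sample key
    msg = b"constructed packet payload"  # constructed sample message
    for fn in (envelope_mac, nested_mac, rfc2104_mac):
        tag = fn(key, msg)
        print(fn.__name__, tag.hex(),
              verify(fn, key, msg, tag), verify(fn, key, msg + b"!", tag))
```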