Re: Re[2]: ISAKMP performance
Regarding the speed of strong authentication ...
Daniel Harkins <dharkins@cisco.com> wrote:
> Is your local service provider using a Cray as his NAS? You're not gonna
> see a D-H exchange with any realistic prime plus a digital sign and verify
> with any reasonably secure modulus in anything close to 1/1000 of a second!
>
> FAST, CHEAP, SECURE: pick any two.
>
> And this has _nothing_ to do with ISAKMP either; any scheme which
> authenticates a Diffie-Hellman with digital signatures-- like SKIP or
> Photuris-- would have similar performance.
At 07:08 PM 7/16/97 -0400, Theodore Y. Ts'o replied:
>Dan's absolutely right.
>Your only other choice if you need that kind of authentication speed is
>to use a system based on secret-key technology, such as Kerberos.
Not quite. See below.
>(Hint: there's a reason why Microsoft selected Kerberos as its
>authentication technology for intra-domain authentication for NT.)
But it's not necessarily a good reason. There are much stronger
methods, such as password-authenticated Diffie-Hellman exchanges
(EKE, SPEKE, etc.). Some of these have nice scalability
characteristics, so that they can use a small DH modulus and
still be much more resistant to passive dictionary
attack than Kerberos. The principle is that solving a
small discrete log problem is at least a lot harder
than computing a fast hash. Or, to paraphrase Dan ...
FAST, CHEAP, at least a lot more SECURE: Why not pick all three?
-- David
------------------------------------
David Jablon
Integrity Sciences, Inc.
tel: +1 508 898 9024
web: http://world.std.com/~dpj/
email: dpj@world.std.com
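Added illustration (not part of David's post, and not code from SPEKE, EKE or Kerberos): a toy Python model of the per-guess cost argument above. It runs a simplified SPEKE-style exchange (base derived from the password, squared into the prime-order subgroup, with a key-confirmation MAC on the wire) next to an assumed stand-in for a secret-key authenticator, a MAC of a nonce under a key derived straight from the password, which is a simplification and not Kerberos' real message format. A passive eavesdropper then runs the same dictionary against both transcripts. Against the secret-key authenticator each guess costs one hash; against the SPEKE transcript the values A and B are consistent with every password, so each guess costs a discrete log in the (deliberately tiny, ~20-bit) group before the key confirmation can be checked. The group size, hash choices and function names are assumptions of this example.

```python
"""Added illustration: per-guess cost for a passive eavesdropper against
(a) a secret-key authenticator keyed straight from the password and
(b) a SPEKE-style password-authenticated Diffie-Hellman exchange.
Toy parameters, constructed for this example only."""
import hashlib
import hmac
import secrets


def _is_prime(n):
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def _safe_prime(start):
    """First safe prime p = 2q + 1 at or above `start` (trial division; toy sizes only)."""
    p = start | 1
    while not (_is_prime(p) and _is_prime((p - 1) // 2)):
        p += 2
    return p


# Constructed toy group: ~20 bits, so a brute-force discrete log is feasible in
# the demo but generator collisions between passwords are negligible.  Real use
# needs 2048-bit or larger groups and a vetted PAKE implementation.
P = _safe_prime(1 << 20)
Q = (P - 1) // 2          # order of the subgroup of squares mod P


def _h(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()


def speke_generator(password):
    """SPEKE idea: the DH base itself is derived from the password.  Squaring
    puts it in the prime-order subgroup; the range [2, p-2] keeps it off 0, 1, -1."""
    g = int.from_bytes(_h(b"base", password.encode()), "big") % (P - 3) + 2
    return pow(g, 2, P)


def speke_exchange(password):
    """One run between two parties sharing `password`.  Returns what the wire
    carries (A, B, key confirmation) plus both sides' derived keys."""
    g = speke_generator(password)
    x = secrets.randbelow(Q - 1) + 1
    y = secrets.randbelow(Q - 1) + 1
    A, B = pow(g, x, P), pow(g, y, P)
    for v in (A, B):                      # reject values in the trivial subgroups
        if v in (0, 1, P - 1):
            raise ValueError("peer value in a trivial subgroup")
    k_alice = _h(b"key", str(pow(B, x, P)).encode())
    k_bob = _h(b"key", str(pow(A, y, P)).encode())
    confirm = hmac.new(k_bob, f"{A}:{B}".encode(), hashlib.sha256).digest()
    return {"A": A, "B": B, "confirm": confirm, "k_alice": k_alice, "k_bob": k_bob}


def secret_key_authenticator(password, nonce):
    """Assumed stand-in for a Kerberos-style authenticator: a MAC over a fresh
    nonce under a key derived directly from the password (simplified; not the
    real Kerberos message format)."""
    return hmac.new(_h(b"pw", password.encode()), nonce, hashlib.sha256).digest()


def guess_secret_key(guess, nonce, authenticator):
    """Test one dictionary word against the captured authenticator.
    Returns (hit, work); the work is a single hash evaluation."""
    return hmac.compare_digest(secret_key_authenticator(guess, nonce), authenticator), 1


def discrete_log(base, target):
    """Brute-force x with base**x == target in the order-q subgroup.
    Returns (x, group operations spent).  Feasible only because p is tiny."""
    acc = 1
    for x in range(Q):
        if acc == target:
            return x, x + 1
        acc = acc * base % P
    return None, Q


def guess_speke(guess, transcript):
    """Test one dictionary word against a captured SPEKE transcript.  A and B
    are consistent with every password (any non-trivial square generates the
    whole order-q subgroup), so the guess can only be checked by recovering x
    under the guessed base and re-deriving the key confirmation: one discrete
    log per guess instead of one hash."""
    x, work = discrete_log(speke_generator(guess), transcript["A"])
    k = _h(b"key", str(pow(transcript["B"], x, P)).encode())
    mac = hmac.new(k, f"{transcript['A']}:{transcript['B']}".encode(),
                   hashlib.sha256).digest()
    return hmac.compare_digest(mac, transcript["confirm"]), work


def dictionary_attack(dictionary, password):
    """Passive attack over both transcripts; returns, per method, the word it
    recovered and the total work spent."""
    nonce = secrets.token_bytes(16)
    authenticator = secret_key_authenticator(password, nonce)
    transcript = speke_exchange(password)
    tests = (("secret_key", lambda w: guess_secret_key(w, nonce, authenticator)),
             ("speke", lambda w: guess_speke(w, transcript)))
    result = {name: [None, 0] for name, _ in tests}
    for word in dictionary:
        for name, test in tests:
            hit, work = test(word)
            result[name][1] += work
            if hit:
                result[name][0] = word
    return {name: tuple(v) for name, v in result.items()}


if __name__ == "__main__":
    # Constructed dictionary; "hunter2" is the real password.
    r = dictionary_attack(["password", "letmein", "hunter2", "tr0ub4dor"], "hunter2")
    print("secret-key authenticator: recovered %r with %d hash(es)" % r["secret_key"])
    print("SPEKE transcript:        recovered %r with %d group ops" % r["speke"])
```

Both attackers recover the password eventually, since the group here is small enough to brute-force; the point is the work per guess. Against the authenticator the dictionary costs one hash per word, while against SPEKE every word costs a discrete log, and that gap grows with the modulus rather than with the hash speed. Note that without the key-confirmation MAC on the wire the eavesdropper would have nothing to check a guess against at all.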