[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: can ISAKMP cookies be zero?
I think you've missed the point.
Any process of generating tokens which is properly random will produce a
value of 0 eventually (assuming it is U(0, 2**n)). A value of 0 is no more
predictable than any other if this condition is met.
The problem is that implementations are assuming a special cookie meaning
for 0. This implies that (for completeness) any cookies should be tested
for a zero value when they are generated and discarded if so.
It's always possible that someone else will generate a cookie that you will
accept - the important thing is that the probability of this is sufficiently
low at to not present a threat.
Chris
> -----Original Message-----
> From: Gabriel Montenegro [mailto:gab@Eng.Sun.Com]
> Sent: 09 June 1999 01:12
> To: hugh@mimosa.com
> Cc: IPsec List; John D. Hardin
> Subject: Re: can ISAKMP cookies be zero?
>
>
> > Are 0 cookies prohibited? If so, where?
>
> rfc's 2522 and 2408.
>
> > Does anyone think 0 cookies should be allowed? If not, how should
> > this be legislated?
>
> well, they are only useful as anti-clogging tokens to reduce
> off-the-path
> denial-of-service attacks if they are unpredictable. a value of 0 does
> not satisfy this. photuris (rfc2522.txt) spells out
> the cookie generation requirements and isakmp (rfc2408.txt) echoes
> them in section 2.5.3. i'd say a 0 cookie does not satisfy requirement
> 2:
> 2. It must not be possible for anyone other than the issuing
> entity to generate cookies that will be accepted by that
> entity. This implies that the issuing entity
> must use local
> secret information in the generation and subsequent
> verification of a cookie. It must not be
> possible to deduce
> this secret information from any particular cookie.
>
>
>
> -gabriel
>