SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI: Login authentication SRP/CHAP



    Just to bring up a cynical point.  Why do we need SRP anyway... after all I
    am running over a required secure channel, so there should be no problem
    with just sending a user ID/Passphrase over the secure channel.  This will
    prevent a LOT of interoperability problems, extra code required to implement
    additional security algorithms, etc.
    
    This makes my implementation much simpler, I can seperate
    login/authentication parameters (currently SRP) vs. setting up a secure
    channel (IPsec).  If we go the Application level secure authentication
    method, I would rather we replace the security layer with TLS rather than
    IPsec, so we get authentication/security all in one place rather than
    scattered around lower layer protocols, application protocols...
    
    Bill Strahm
    +========+=========+=========+=========+=========+=========+=========+
    Bill Strahm     Software Development is a race between Programmers
    Member of the   trying to build bigger and better idiot proof software
    Technical Staff and the Universe trying to produce bigger and better
    bill@sanera.net idiots.
    (503) 601-0263  So far the Universe is winning --- Rich Cook
    
    
    -----Original Message-----
    From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of
    Michael Schoberg
    Sent: Wednesday, October 17, 2001 12:53 PM
    To: IPS Reflector (E-mail)
    Subject: iSCSI: Login authentication SRP/CHAP
    
    
    I'm having some problems figuring out the exact implementation for the login
    authentication protocols being proposed.  Is anyone else having similar
    issues answering these questions:
    
    What is the hashing algorithm that will be used for SRP authentication
    (SHA-1, MD5, HMAC-SHA1)?
    
    The SRP negotiation passes the following information (T->I):
    
    SRP_s = SRP salt
    SRP_N = (SRP n value - Large prime number.  All computations are performed
    modulo n)
    SRP_g = Primitive root modulo of n
    
    By passing [N] & [g] (T->I), does this mean the initiator must verify that
    [N] is a prime and [g] is a primitive root modulo of [N]?  What are the
    min/max digits for [N] and [g]?  If any of these are not satisfied (N not
    prime, g not primitive modulo root, #digits too small or large), could it be
    used as an attack against the initiator or be used to derive the initiator's
    password?
    
    
    
    The reference to RFC 1994 does not fully describe the CHAP function for
    iSCSI, it describes the CHAP message protocol which isn't really used in our
    case.  There's some parameters that need to be nailed down.  What is the
    CHAP hash algorithm: (MD5)?  What is the sequence of hashes that take place
    on a CHAP challenge to form the CHAP digest?
    
    The iSCSI draft allows for algorithm selection (CHAP_A=<A1,A2,...>) but
    doesn't describe any.  Are these supposed to dictate the hashing function or
    give a description of [what/how it] gets hashed (or both)?  Will there be a
    mandatory set (A1..An) that compliant iSCSI implementations must provide?
    Is there a reference that actually shows the sequence for a CHAP digest
    being formed from MD5 hashes?
    
    
    
    It would help to have an appendix with real username/password examples of
    the result exchange?  A table with a few sample sets would be useful for
    validating designs.
    
    


Home

Last updated: Wed Oct 17 18:17:24 2001
7273 messages in chronological order