RE: iSCSI: Login authentication SRP/CHAP

Steve,

So a CHAP calculation is:

    <initialize digest>
    MD5(<CHAP_I>)
    MD5(<secret>)
    MD5(<CHAP_C>)
    -> 16 byte digest

-or-

    <initialize digest>
    MD5(<CHAP_I> | <secret> | <CHAP_C>)
    Where "|" is a concatenation function.
    -> 16 byte digest

Shouldn't we be using the CHAP_N field rather than CHAP_I (CHAP Identifier)?

I also noticed that RFC 1994 says to use the identifier (CHAP_I) as a
reference in the response. The iSCSI draft doesn't refer to the CHAP_I
value in the response.

Thanks.

: The CHAP_I (identifier), CHAP_C (challenge),
: CHAP_N (name) and CHAP_R (response)
: are also specified in RFC 1994:
:
:    Identifier
:
:       The Identifier field is one octet. The Identifier field MUST be
:       changed each time a Challenge is sent.
:
:       The Response Identifier MUST be copied from the Identifier field
:       of the Challenge which caused the Response.
:
:    Value (challenge and response)
:
:       The Value field is one or more octets. The most significant octet
:       is transmitted first.
:
:       The Challenge Value is a variable stream of octets. The
:       importance of the uniqueness of the Challenge Value and its
:       relationship to the secret is described above. The Challenge
:       Value MUST be changed each time a Challenge is sent. The length
:       of the Challenge Value depends upon the method used to generate
:       the octets, and is independent of the hash algorithm used.
:
:       The Response Value is the one-way hash calculated over a stream of
:       octets consisting of the Identifier, followed by (concatenated
:       with) the "secret", followed by (concatenated with) the Challenge
:       Value. The length of the Response Value depends upon the hash
:       algorithm used (16 octets for MD5).
:
:    Name
:
:       The Name field is one or more octets representing the
:       identification of the system transmitting the packet. There are
:       no limitations on the content of this field. For example, it MAY
:       contain ASCII character strings or globally unique identifiers in
:       ASN.1 syntax. The Name should not be NUL or CR/LF terminated.
:       The size is determined from the Length field.
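
The two calculations in the message and the RFC 1994 Identifier rules quoted above, as an added example that is not part of the original message or of the iSCSI draft. The function names, the `Authenticator` class, the constructed secret in the usage, and the one-attempt-per-challenge policy are assumptions of this example.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value: MD5 over Identifier | secret | Challenge."""
    if not 0 <= identifier <= 0xFF:
        raise ValueError("the Identifier field is one octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response_incremental(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Same input fed to ONE MD5 context in three updates (first form in the message)."""
    if not 0 <= identifier <= 0xFF:
        raise ValueError("the Identifier field is one octet")
    ctx = hashlib.md5()            # <initialize digest>
    ctx.update(bytes([identifier]))
    ctx.update(secret)
    ctx.update(challenge)
    return ctx.digest()            # 16 octets, identical to the concatenated form


class Authenticator:
    """Challenger side: issues challenges and checks responses (hypothetical helper)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = os.urandom(1)[0]
        self.challenge = None

    def new_challenge(self, length: int = 16):
        # Identifier and Challenge Value MUST both change for each Challenge sent.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(length)
        return self.identifier, self.challenge

    def verify(self, resp_identifier: int, response: bytes) -> bool:
        # The Response Identifier MUST be copied from the Challenge that caused it.
        if self.challenge is None or resp_identifier != self.identifier:
            return False
        expected = chap_response(self.identifier, self.secret, self.challenge)
        self.challenge = None      # assumption: one attempt per outstanding challenge
        return hmac.compare_digest(expected, response)
```

Because the Identifier octet is part of the hashed input, a response computed for one Identifier does not verify under another even when the secret and challenge are unchanged.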
Last updated: Thu Oct 18 18:17:29 2001