
    RE: iSCSI: Login authentication SRP/CHAP



    Steve,
    
    So a CHAP calculation is:
    	<initialize digest>
    	MD5(<CHAP_I>)
    	MD5(<secret>)
    	MD5(<CHAP_C>)
    	-> 16 byte digest
    -or-
    	<initialize digest>
    	MD5(<CHAP_I> | <secret> | <CHAP_C>)  Where "|" is a concatenation function.
    	-> 16 byte digest
    
    Shouldn't we be using the CHAP_N field rather than CHAP_I (CHAP Identifier)?
    
    
    I also noticed that RFC 1994 says to use the identifier (CHAP_I) as a
    reference in the response.  The iSCSI draft doesn't refer to the CHAP_I
    value in the response.
    
    Thanks.
    
    
    
    : The CHAP_I (identifier), CHAP_C (challenge),
    : CHAP_N (name) and CHAP_R (response)
    : are also specified in RFC 1994:
    : 
    :    Identifier
    : 
    :       The Identifier field is one octet.  The Identifier field MUST be
    :       changed each time a Challenge is sent.
    : 
    :       The Response Identifier MUST be copied from the Identifier field
    :       of the Challenge which caused the Response.
    : 
    :    Value (challenge and response)
    : 
    :       The Value field is one or more octets.  The most significant octet
    :       is transmitted first.
    : 
    :       The Challenge Value is a variable stream of octets.  The
    :       importance of the uniqueness of the Challenge Value and its
    :       relationship to the secret is described above.  The Challenge
    :       Value MUST be changed each time a Challenge is sent.  The length
    :       of the Challenge Value depends upon the method used to generate
    :       the octets, and is independent of the hash algorithm used.
    : 
    :       The Response Value is the one-way hash calculated over a stream of
    :       octets consisting of the Identifier, followed by (concatenated
    :       with) the "secret", followed by (concatenated with) the Challenge
    :       Value.  The length of the Response Value depends upon the hash
    :       algorithm used (16 octets for MD5).
    : 
    :    Name
    : 
    :       The Name field is one or more octets representing the
    :       identification of the system transmitting the packet.  There are
    :       no limitations on the content of this field.  For example, it MAY
    :       contain ASCII character strings or globally unique identifiers in
    :       ASN.1 syntax.  The Name should not be NUL or CR/LF terminated.
    :       The size is determined from the Length field.
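
Added example, not part of the original message or of the iSCSI draft: the RFC 1994 Response Value quoted above, computed in Python both ways the message writes it, assuming the first form means three updates fed into one MD5 context. The function names and the sample secret are constructed for illustration; the check also enforces the quoted rule that the Response Identifier is copied from the Challenge.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP_R = MD5(Identifier || secret || Challenge Value), per RFC 1994."""
    if not 0 <= identifier <= 0xFF:
        raise ValueError("the Identifier field is one octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response_incremental(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Same digest, built by three updates to a single MD5 context."""
    d = hashlib.md5()
    d.update(bytes([identifier]))  # CHAP_I, one octet
    d.update(secret)               # shared secret, never sent on the wire
    d.update(challenge)            # CHAP_C
    return d.digest()


def new_challenge(prev_identifier: int, length: int = 16) -> tuple[int, bytes]:
    """Identifier and Challenge Value must both change for every Challenge."""
    return (prev_identifier + 1) & 0xFF, os.urandom(length)


def verify_response(sent_id: int, resp_id: int, secret: bytes,
                    challenge: bytes, response: bytes) -> bool:
    """Authenticator-side check of a received CHAP_R."""
    if resp_id != sent_id:         # Identifier must be copied from the Challenge
        return False
    expected = chap_response(sent_id, secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time compare


if __name__ == "__main__":
    secret = b"constructed-secret"          # constructed sample value
    chap_i, chap_c = new_challenge(0x41)    # authenticator issues a Challenge
    chap_r = chap_response(chap_i, secret, chap_c)  # peer answers
    print("CHAP_I =", chap_i, "CHAP_R =", chap_r.hex())
    print("forms agree:", chap_r == chap_response_incremental(chap_i, secret, chap_c))
    print("accepted:", verify_response(chap_i, chap_i, secret, chap_c, chap_r))
```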
    


Last updated: Thu Oct 18 18:17:29 2001