SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: Generation of CHAP Secrets...





    That is correct.  It also says that you should not knowingly provide means to extend a "short(weak)" secret into an apparently long secret.

    Julo


    Hutchinson_Adam@emc.com
    Sent by: owner-ips@ece.cmu.edu

    08/20/2002 08:05 PM

           
            To:        ips@ece.cmu.edu
            cc:        
            Subject:        Generation of CHAP Secrets...

           


    Do the following statements mean that users should not be allowed to create their own secrets (passwords) to ensure the randomness of all secrets?

     

    When CHAP is performed over a non-encrypted channel, it is vulnerable

    to an off-line dictionary attack. Implementations MUST support

    use of up to 128 bits random CHAP secrets, including the means to

    generate such secrets and to accept them from an external generation

    source. Implementations MUST NOT provide secret generation (or expansion)

    means other than random generation.

     

    ---

    Adam

     

     





Home

Last updated: Wed Aug 21 18:18:53 2002
11658 messages in chronological order