|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Generation of CHAP Secrets...That is correct. It also says that you should not knowingly provide means to extend a "short(weak)" secret into an apparently long secret. Julo
Do the following statements mean that users should not be allowed to create their own secrets (passwords) to ensure the randomness of all secrets?
When CHAP is performed over a non-encrypted channel, it is vulnerable to an off-line dictionary attack. Implementations MUST support use of up to 128 bits random CHAP secrets, including the means to generate such secrets and to accept them from an external generation source. Implementations MUST NOT provide secret generation (or expansion) means other than random generation.
--- Adam
Home Last updated: Wed Aug 21 18:18:53 2002 11658 messages in chronological order |