RE: Generation of CHAP Secrets...

Vijay,

> I believe, the secret size does have a direct impact on the cryptographic
> strength of the hash. If the secret size is less than the hashed value of
> the algorithm, then it makes it easier for an exhaustive search attack. For
> reference, here is a quote from the CHAP RFC page 3:
>
>    The CHAP algorithm requires that the length of the secret MUST be at
>    least 1 octet. The secret SHOULD be at least as large and
>    unguessable as a well-chosen password. It is preferred that the
>    secret be at least the length of the hash value for the hashing
>    algorithm chosen (16 octets for MD5). This is to ensure a
>    sufficiently large range for the secret to provide protection against
>    exhaustive search attacks.

iSCSI has gone above and beyond that by making the minimum length (MUST)
12 octets, and by requiring random generation, making its CHAP secrets
considerably larger and harder to guess than a well-chosen password.
The requirement for support of secrets up to 128 bits in size encompasses
the "preferred" language above.

Are you arguing that 96 bits of search space (> 10**27 possibilities)
is insufficient protection against an exhaustive search attack?
I agree that more than 128 bits of secret is pointless for MD5 because
the output size bounds the size of the search space at somewhere in the
neighborhood of 128 bits.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 249-6449    FAX: +1 (508) 497-8018
black_david@emc.com  Mobile: +1 (978) 394-7754
---------------------------------------------------
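The length rules discussed in this message, as an added example that is not part of the original post or of any iSCSI implementation: random secret generation with the 12-octet minimum enforced, the RFC 1994 MD5 response, and the search-space bound the message argues from. All function and constant names are hypothetical.

```python
import hashlib
import hmac
import secrets

MIN_SECRET_OCTETS = 12  # iSCSI minimum (MUST), as stated in the message
MD5_OCTETS = 16         # MD5 output size; the RFC's "preferred" secret length


def generate_chap_secret(n_octets: int = MD5_OCTETS) -> bytes:
    """Randomly generate a CHAP secret from the OS CSPRNG."""
    if n_octets < MIN_SECRET_OCTETS:
        raise ValueError(f"secret must be at least {MIN_SECRET_OCTETS} octets")
    return secrets.token_bytes(n_octets)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over identifier octet || secret || challenge."""
    if len(secret) < MIN_SECRET_OCTETS:
        raise ValueError("secret shorter than the iSCSI minimum")
    data = bytes([identifier & 0xFF]) + secret + challenge
    return hashlib.md5(data).digest()


def verify_response(identifier: int, secret: bytes,
                    challenge: bytes, response: bytes) -> bool:
    """Constant-time comparison of the expected and received responses."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def effective_search_bits(n_octets: int) -> int:
    """Exhaustive-search size in bits for a uniformly random secret.

    Follows the message's reasoning: secret bits beyond the hash output
    size (128 bits for MD5) do not enlarge the search space.
    """
    return min(8 * n_octets, 8 * MD5_OCTETS)


if __name__ == "__main__":
    secret = generate_chap_secret(MIN_SECRET_OCTETS)
    challenge = secrets.token_bytes(16)  # constructed sample challenge
    resp = chap_response(1, secret, challenge)
    print("response verifies:", verify_response(1, secret, challenge, resp))
    for n in (12, 16, 32):
        print(f"{n} octets -> {effective_search_bits(n)} bits of search space")
```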
Last updated: Thu Aug 22 15:18:51 2002