CHAP secret lengths

To: <Julian_Satran@il.ibm.com>
Subject: CHAP secret lengths
From: "Dean Scoville" <dean.scoville@qlogic.com>
Date: Thu, 13 Mar 2003 13:27:56 -0800
Cc: <ips@ece.cmu.edu>
content-class: urn:content-classes:message
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu
Thread-Index: AcLppwlEXvOXaVSJEdeLMwBQ2thomQ==
Thread-Topic: CHAP secret lengths

Julian,

The MD5 algorithm (RFC 1321) can encode messages that are
comprised of an arbitrary number of bits, and as such the 
message length need not be a multiple of 8-bits.

The CHAP RFC (RFC 1994) describes the CHAP Response 
value as being a one-way hash calculated over a stream of octets,
consisting of the Identifier, followed by (concatenated with) the 
"secret",  followed by (concatenated with) the Challenge Value.

This would lead me to believe that the CHAP secret must be an
integral number of octets, even though the MD5 algorithm is
capable of encoding messages that are not a multiple of 8-bits
and even though the iSCSI draft uses units of "bits" (96 random
bits, 128 bit random secrets, etc.) when referring to acceptable
CHAP secret lengths.

Can we assume that CHAP secrets will always be a multiple of 8-bits?
If not, do we need to pad the secret to a multiple of 8-bits (using
0's as pad bits, perhaps?) before concatenating it with the Identifier
and Challenge values and running the result through the MD5 algorithm?

thanks,
Dean Scoville

Follow-Ups:
- Re: CHAP secret lengths
  - From: Paul Koning <pkoning@equallogic.com>
- Re: CHAP secret lengths
  - From: wrstuden@wasabisystems.com

Prev by Date: FW: iSCSI: connection failure in a multii-connection session
Next by Date: iSCSI: two CmdSN gap questions
Prev by thread: I-D ACTION:draft-ietf-ips-isns-18.txt
Next by thread: Re: CHAP secret lengths
Index(es):
- Date
- Thread

Home

Last updated: Thu Mar 13 20:19:20 2003
12425 messages in chronological order