| RE: A synthesis on the existing (shared key) EAP methods... | <– Date –> <– Thread –> |
From: Pasi.Eronen (Pasi.Eronen nokia.com)
|
|
| Date: Fri, 2 Apr 2004 07:33:12 -0500 (EST) | |
Hi, This document looks like a very useful summary of existing EAP methods, thanks for taking the time to write it! I agree with you wish to standardize a replacement for EAP-MD5. However, it's worth noting that the current version of draft-walker-ieee802-req practically requires the use of public key cryptography for this, since the "Dictionary attack resistance" security claim MUST be supported. 2284bis says that "A method may be said to provide protection against dictionary attacks if, when it uses a password as a secret, the method does not allow an offline attack that has a work factor based on the number of passwords in an attacker's dictionary." As far as I know, this requires either some form of public key cryptography, or enforcing that the shared secret cannot be chosen by the user. Using e.g. PBKDF2 from PKCS#5 is not sufficient, since the work load is still basically the same: if the user's password is the Nth word in the dictionary, an attacker can find it in N operations (each operation takes slightly longer than without PBKDF2, though). As to the second alternative, IMHO totally prohibiting user-chosen shared secrets would reduce the usefulness of EAP-PSK (or whatever will be chosen as successor-of-EAP-MD5). However, I don't think this is an argument against EAP-PSK but instead an argument for making dictionary attack resistance a "SHOULD" instead of "MUST" in draft-walker-ieee802-req... Best regards, Pasi > -----Original Message----- > From: eap-admin [at] frascone.com > [mailto:eap-admin [at] frascone.com]On Behalf Of > ext Florent Bersani > Sent: Friday, April 02, 2004 12:49 PM > To: eap [at] frascone.com > Subject: [eap] A synthesis on the existing (shared key) EAP methods... > > > > ...is available at this URL before it reaches the archive: > http://eappsk.chez.tiscali.fr/draft-bersani-eap-synthesis-shar > edkeymethods-00.txt > > Any comments, feedback or additional information is most welcome. > > Florent, who wishes that a standard replacement for EAP-MD5 > be drafted (not especially EAP-PSK which is only a proposal > to stimulate the community ;-)) > > P.S : (Abstract of the draft) The purpose of this draft is to > gives a broad picture of the existing proposed EAP methods, > with a focus on shared key EAP methods. Indeed, it is the > belief of the author that a standard replacement for EAP-MD5 > (that is deprecated due to security reasons) is needed. By > listing the existing shared key EAP methods, the goal is to > gather consensus that such a multiplication of methods is > detrimental and that a single method retaining the best of > the existing proposals could and should be drafted.
-
A synthesis on the existing (shared key) EAP methods... Florent Bersani, April 2 2004
- RE: A synthesis on the existing (shared key) EAP methods... Pasi.Eronen, April 2 2004
- Re: A synthesis on the existing (shared key) EAP methods... Florent Bersani, April 2 2004
Results generated by Tiger Technologies using MHonArc.