RE: Comments on CRACK (shared secrets)

No, you're right. I missed that somehow.

So actually there's no barrier against using this legacy authentication
scheme if you don't mind using AM, but if you want identity protection then
the only limitation is the SKEYID_e derivation algorithm.

Beauty without truth is insubstantial.
Truth without beauty is unbearable.

From: Jan Vilhuber [mailto:vilhuber@xxxxxxxxx]
Sent: Thursday, October 28, 1999 12:58 AM
To: Andrew Krywaniuk
Subject: RE: Comments on CRACK (shared secrets)

On Thu, 28 Oct 1999, Andrew Krywaniuk wrote:
> Here we have a completely secure example of a legacy authentication system
> which is secured using shared secrets. Of course the question arises
> regarding how one should handle dynamic IP assignment. As I discussed
> both AM and MM don't really support using id types other than IPs with
> shared secrets.
Why do you say that? In AM, the ID is sent before any encryption happens,
so I can pick a shared secret based on the ID contents, be they ID_FQDN,
ID_USER_FQDN, ID_IPV4, whatever...
Wondering if I'm missing something,
Jan Vilhuber vilhuber@xxxxxxxxx
Cisco Systems, San Jose (408) 527-0847
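
The point both posters arrive at, as an added example that is not part of the original thread: with pre-shared keys, RFC 2409 derives SKEYID (and so SKEYID_e) from the secret itself, so a Main Mode responder must choose the secret before it can decrypt the ID payload, while an Aggressive Mode responder sees the ID in the clear. Assumptions: HMAC-SHA1 as the prf, and the lookup tables, function names, addresses and secrets are constructed for illustration.

```python
import hmac, hashlib

def prf(key: bytes, data: bytes) -> bytes:
    # RFC 2409: with no negotiated prf, HMAC of the negotiated hash is used (SHA-1 assumed).
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e_psk(psk, ni, nr, gxy, cky_i, cky_r):
    """RFC 2409 section 5 key derivation for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)                       # depends on the PSK itself
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")    # protects MM messages 5 and 6

# Constructed responder tables: secrets keyed by IP address or by ID payload contents.
PSK_BY_IP = {"192.0.2.10": b"site-to-site-secret"}
PSK_BY_ID = {("ID_USER_FQDN", "alice@example.com"): b"alice-secret"}

def select_psk(mode, peer_ip, cleartext_id=None):
    """Return the PSK the responder can pick at the moment it must compute SKEYID.

    Main Mode: the ID payload arrives in message 5, encrypted under SKEYID_e,
    so only the peer's source IP is available for the lookup.
    Aggressive Mode: the ID payload arrives unencrypted in message 1."""
    if mode == "AM" and cleartext_id in PSK_BY_ID:
        return PSK_BY_ID[cleartext_id]
    return PSK_BY_IP.get(peer_ip)

def demo():
    # Constructed exchange values; a real g^xy comes from the Diffie-Hellman exchange.
    ni, nr, gxy = b"N" * 16, b"R" * 16, b"\x42" * 96
    cky_i, cky_r = b"I" * 8, b"C" * 8
    alice_id, roaming_ip = ("ID_USER_FQDN", "alice@example.com"), "203.0.113.77"
    initiator_key = skeyid_e_psk(b"alice-secret", ni, nr, gxy, cky_i, cky_r)
    results = {}
    for mode in ("MM", "AM"):
        psk = select_psk(mode, roaming_ip, alice_id if mode == "AM" else None)
        # True only if the responder found a secret and derived the same SKEYID_e.
        results[mode] = psk is not None and \
            skeyid_e_psk(psk, ni, nr, gxy, cky_i, cky_r) == initiator_key
    return results

if __name__ == "__main__":
    print(demo())
```
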