[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: l2tp as ipsra solution

To: Henry Spencer <henry@xxxxxxxxxxxxx>
Subject: Re: l2tp as ipsra solution
From: Daniel Fox <dfox@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 14 Jun 2000 11:18:01 -0400
Cc: IPSRA list <ietf-ipsra@xxxxxxxx>, dfox@xxxxxxxxxxxxxxxxxxxx
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx

Excellent point.

I wonder if there's anyone out there still using /etc/passwd (instead of shadow)
that don't keep the one-way-encryption output secret?

But I think we need to think more generically.  Are there *any* authentication
databases that do not protect the secrecy of one-way-encryption output?  After
all, that is the point of one-way encryption, that you do not need to keep it
secret.

This goes to the very heart of simple password exchanges.  If you are more
worried about people snooping your databases than about snooping the wire, then
you chose a simple password exchange (like PAP), and store the password in the
database one-way encrypted.  On the other hand, if you are more worried about
people snooping the wire, then you chose a challenge-response exchange (like
CHAP), and store the password in the database in the clear.

Don't we need to support both types of authentication exchanges?

An interesting wrinkle to this is that PAP has been deprecated (a mistake, IMHO,
but a reality nonetheless) by the PPP WG.  Does this mean that our scheme of
supporting legacy authentication mechanisms can't take PAP into account?  But
then there's LDAP...

Henry Spencer wrote:

> On Wed, 14 Jun 2000, Daniel Fox wrote:
> > It's worse than that.  There are some authentication mechanisms (PAP
> > with /etc/passwd) that do not store the cleartext password (the pre-shared
> > secret) on the server, but a one-way hash encryption.  Therefore,
> > there are some legacy secrets that cannot be downloaded...
>
> That problem can be circumvented by thinking of the situation differently:
> the shared secret is the output of the one-way encryption, not the
> original password.  (This does assume that the one-way-encryption output
> really has been kept secret -- as opposed to trusting entirely in the
> one-way encryption to preserve secrecy -- but that's normal these days...)
>
>                                                           Henry Spencer
>                                                        henry@xxxxxxxxxxxxx

begin:vcard 
n:Fox;Daniel
tel;work:978-206-0405
x-mozilla-html:FALSE
url:http://www.ennovatenetworks.com
org:Ennovate Networks
adr:;;60 Codman Hill Road;Boxborough;MA;01719;USA
version:2.1
email;internet:dfox@xxxxxxxxxxxxxxxxxxxx
title:Principal Software Engineer
fn:Daniel Fox
end:vcard

Follow-Ups:
- Re: l2tp as ipsra solution
  - From: David Jablon
- Re: l2tp as ipsra solution
  - From: Henry Spencer

References:
- Re: l2tp as ipsra solution
  - From: Henry Spencer

Prev by Date: Re: l2tp as ipsra solution
Next by Date: Re: l2tp as ipsra solution
Previous by thread: Re: l2tp as ipsra solution
Next by thread: Re: l2tp as ipsra solution
Index(es):
- Date
- Thread