Bugtraq mailing list archives
Re: Shared Secret Recovery in RADIUS
From: adam () HOMEPORT ORG (Adam Shostack)
Date: Thu, 31 Jul 1997 10:23:57 -0400
Riku Meskanen wrote: | On Tue, 29 Jul 1997, Thomas H. Ptacek wrote: | > This attack was sent to Livingston and posted to the RADIUS discussion | > list (I'm at a loss for the name of it) last year. I think it's worthwhile | > to note that the attacks you're pointing out are actively being exploited, | > and have been for awhile. "Global roaming" systems involving RADIUS | > proxies will dramatically increase the implications of this attack. | > | Some work seems to be done by Dale Cook <cdm () hyperk com> of SCIENTECH to | solve these issues, see | | http://www.livingston.com/Tech/Technotes/Security/RADIUS-RSA.shtml Some comments on this: 1. There may be speed issues; I can stop your radius server by making more requests for authentication than you can handle. I may even do this legitamately. 2. The use of RSA is incorrect; see Anderson's "Robustness Principles" paper from Crypto 95. You need to sign before encrypting, not afterwards. ("This public key is used to encrypt the entire authentication packet along with a dummy secret key, the resulting encrypted packet is signed with the private key of the server.") Anderson's paper can be found at http://www.cl.cam.ac.uk/users/rja14/ 3. Since the code uses RSAref, its probably vulnerable to a timing attack. (See Kocher's paper in Crypto 96; www.cryptography.com) The use of signing an encrypted message leads me to worry substantially about the implementation. I haven't spent time looking to see if there are other problems, but with one that large, I'd be suprised if its the only one. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- Re: Shared Secret Recovery in RADIUS Thomas H. Ptacek (Jul 29)
- Re: Shared Secret Recovery in RADIUS Riku Meskanen (Jul 30)
- Re: Shared Secret Recovery in RADIUS Thomas H. Ptacek (Jul 30)
- Re: Shared Secret Recovery in RADIUS Adam Shostack (Jul 31)
- Re: Shared Secret Recovery in RADIUS Riku Meskanen (Jul 30)