Firewall Wizards mailing list archives

Re: secure ID token based authentication


From: "Ben Nagy" <ben () iagu net>
Date: Tue, 28 Jan 2003 09:08:33 +0100

----- Original Message -----
From: "Luca Berra" <bluca () comedia it>
[...]
> i was thinking about this one
>
> http://www.atstake.com/research/reports/acrobat/initial_securid_analysis.pdf
>
> there is an older paper written by Adam Shostack who is a contributor to
> this list
> http://www.homeport.org/~adam/dimacs.html
[...]

OK, so now we're talking about ACE/SecurID and not the RADIUS part of the
transaction (which, as Andrew Kalat wisely pointed out, can be mitigated by
using TACACS+ in some environments).

<rant>
I hear more poorly considered opinion about cryptographic protocols than
anything else. It's really not that hard to read these things with a
slightly sceptical mind, think carefully about the implications and form a
sensible opinion, but I'm constantly stunned by the number of times I've had
to wield the crypto cluestick (or watch as other people, who actually know
something about crypto, apply that trusty baton themselves). Putting
something in a whitepaper doesn't make it true, and suggesting that
something "may be attackable" doesn't make it dead. Luca - this is not
directed at you, since you've just quoted a lot of existing work, but seeing
some of the opinions expressed in some of those threads gets me all riled
again.
</rant>

I've previously offered my opinion on both the Mudge paper and Shostack's
work. The first, IMO, isn't (and doesn't claim to be) any kind of break. It
doesn't even suggest an attack - all that was to be saved "for the next
paper" which never arrived.

The Shostack paper, as one would expect, is clueful. Sadly, it was mainly
based on an old version of the ACE protocol, so the nastiest looking UDP
injection attack doesn't work. Adam also keeps Brainard's response on his
site here:

http://www.homeport.org/~adam/brainard.html

(John Brainard, among other achievements, wrote the internal hash for the
SecurID tokens. He's very smart.)

> we even have something in the archives of our favorite list
>
> http://honor.trusecure.com/pipermail/firewall-wizards/2000-December/009833.html
[...]

From the same thread, anyone that cares enough to keep following this issue
should absolutely read this:
http://honor.trusecure.com/pipermail/firewall-wizards/2000-December/009739.

Vin knows his stuff. It's a long message, but it covers all the ground, and
I still read it from time to time when I'm talking about ACE/SecurID (and
not just because I get quoted a few times ;).

> --
> Luca Berra -- bluca () comedia it

In short, the ACE/SecurID protocol is showing its age. Fair enough. However
there still isn't any work I know of that credibly puts forth an attack
that's worth worrying about for most people. As always, I'm ready to change
my opinion in the light of _new_ evidence, but rehashing old arguments based
on old work isn't going to do it. ;)

Quoting Vin:

"As with any security technology, the design goal of a SecurID
token was not to make an attack upon it impossible, just impractical (and
more difficult and more costly than alternative attack options)."

Which is the point, really.

Cheers,

Ben "I am not a cryptographer" Nagy
