On Sunday 27 November 2005 15:21, Sam Hartman wrote:
> Actually, no, it's worse than that. A preimage attack is sufficient
> to break this. However you cannot reduce a break of this system to a
> preimage attack.

It's always inspiring to meet someone who knows a lot about a complex topic
like hash algorithms.

> I am not happy with a protocol whose security depends on treating md5
> as a random oracle.

Again, very inspiring to meet someone who knows about md5, random oracles, et
cetera. However, this protocol's security does not rely in any way on md5
or any other hash. The hash is present as a privacy mask. It has limited
value since the thing being protected is broadcast over the wire on a regular
basis, but we put it in because we were asked to. The security of the
protocol rests on the security of the DNS update mechanism; if you are
concerned about DNS update security with your DHCP server, I suggest using
some kind of cryptographic authentication. I use TSIG, and am reasonably
happy with it.

In order for the DHCID hash to be a security issue, it has to be the case that
you have more than one DHCP server that is permitted to update the same zone
in the DNS, and yet have no trust relationship between these DHCP servers.
This is a contradiction in terms - if you don't have a trust relationship
between two updaters of the same zone, you don't have any update security at
all for that zone.

I would really encourage people who are commenting on this to please, please
read the drafts for detailed comprehension, not just for keywords. I get
the impression that a lot of keyword triggering is going off here, and it's
really not constructive.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf