
Re: RFC 2195 (Was: what happened to newtrk?)

2006-09-08 00:26:27
Christian Huitema wrote:

> http://www.huitema.net/talks/ietf63-security.ppt

Thanks, with that hint I finally found the HTML version:
http://www3.ietf.org/proceedings/05aug/slides/apparea-4/ and
http://www3.ietf.org/proceedings/05aug/slides/plenaryt-1.pdf

>> With a somewhat unusual password I wouldn't know how an
>> attack works.

> You would not, but the gentle folks writing the cracking tool
> certainly know.

Certainly I don't know where to rent the zombie for 10 cents:
http://www3.ietf.org/proceedings/05aug/slides/apparea-4/sld5.htm

Next slide, yes, CRAM-MD5 is *not* designed for that attack.
Adding a prose version of your slides 3..6 and 13 to the
security considerations of a 2195bis could improve it. Do I
miss a clue, or has DIGEST-MD5 essentially the same issue?

> Note that this is not related to potential weaknesses in MD5.

Right, add 20% to your costs to get SHA-1, etc. How did you
calculate this, how long have the rented bots to crack a given
observed C/R?

Frank


