1 / 7

RADIUS Shared Secret Security Amplification A practical approach to improved security

RADIUS Shared Secret Security Amplification A practical approach to improved security. http://www.funk.com/documents/ draft-funk-radiusext-shared-secret-amp-00.txt Paul Funk Funk Software. Shared Secret Question. Is RADIUS encryption/validation good enough?

arav
Download Presentation

RADIUS Shared Secret Security Amplification A practical approach to improved security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. RADIUS Shared Secret Security Amplification A practical approach to improved security http://www.funk.com/documents/draft-funk-radiusext-shared-secret-amp-00.txt Paul Funk Funk Software

  2. Shared Secret Question • Is RADIUS encryption/validation good enough? • Primary threat is dictionary attack • Attacker must have layer 2 traffic visibility • In theory: • Yes, if you use a strong shared secret • More so if you use IPsec • Proper network hygiene helps • In practice: • Security police cannot force strong shared secrets to be used • IPsec introduces its own kind of nightmare

  3. Make It Easier For Administrators • Use PKCS-5 to convert ordinary secrets to strong ones: • Start with “precursor” secret • “Amplify” its security by repeated PKCS-5 hashing • Precursor secret can be administrator-friendly: • Can be remembered • Doesn’t need to be written down • Amplified shared secret: • Is much more resistant to dictionary attack • Can be generated via simple utility (need not be built in to RADIUS clients and servers) • Can be configured into existing RADIUS equipment by copy-and-paste • Can be regenerated as needed from precursor

  4. Amplification Process • PKCS-5 is used to amplify the precursor: • Hash the precursor secret 1,048,576 times (2 ^ 20) • Output 12 octets of pseudo-random data • Base64-encode into 16 ASCII characters • Example: • If precursor secret is “swordfish” … • Amplified shared secret is “g6QvQuRgRsl1AQ/E” • Try demo at: • http://www.funk.com/PasswordAmplifier

  5. Using a Salt For Increased Security • Optional “salt” improves security flavor: • The salt is just an additional piece of text • It is mixed with precursor during hashing • Salt ensures entropy meets minimum requirements, even with weak precursor secrets • Deployment • Administrator defines domain-wide salt • technicians pick precursors to generate shared secrets as needed

  6. Security Analysis • Equivalent to adding 20 bits of entropy to password • Ordinary dictionary attack against precursor: • Takes a million times longer • Attacker must perform a million hashes for each candidate precursor • Attack that might have taken an hour now takes over a hundred years • Equivalent to adding 20 bits of entropy to password • Dictionary attack directly against the amplified shared secret: • Infeasible, as it has 96 bits of apparent entropy • Precomputed dictionary attack: • Attacker computes many amplified shared secrets from precursors and stores them on CD-ROM • Uses CD-ROM in dictionary attack • Once CD-ROM is developed, dictionary attack against amplified secret is equivalent to attack against precursor • However, it will take decades to create CD-ROM • And storage capacity needs to run in the terabytes.

  7. Recommendations • Ordinary text is estimated at 2.5 bits of entropy per character: • 12 character secret has 30 bits of entropy • 16 character secret has 40 bits of entropy • Suggest precursors of at least 12, preferable 16 characters: • 12 character secret has 50 bits of entropy after amplification • 16 character secret has 60 bits of entropy after amplification

More Related