Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Shared Secret Recovery in RADIUS
From: tqbf () ENTERACT COM (Thomas H. Ptacek)
Date: Tue, 29 Jul 1997 21:14:07 -0500

authentication.  Through packet capture and exploitation of the fact that
the shared secret is the only unknown present, the shared secret can be
recovered.  This has extremely significant implications.

Well written. Thanks for posting it.

This attack was sent to Livingston and posted to the RADIUS discussion
list (I'm at a loss for the name of it) last year. I think it's worthwhile
to note that the attacks you're pointing out are actively being exploited,
and have been for awhile. "Global roaming" systems involving RADIUS
proxies will dramatically increase the implications of this attack.

A possible interim fix, mentioned to me by a peer who shall remain
nameless, is to "SALT" the data being hashed with a random number. With an
8 bit random number, unknown to the legitimate server/NAS being spoken to,
this dramatically increases the difficulty of the dictionary attack you're
mentioning, while adding no more than 256 extra MD5 verification
iterations to the legitimate server.

Of course, this would involve the modification of substantion portions of
NAS code. It may be a useful idea for RADIUS proxies; however, at this
point, it could be a fair assessment to say that RADIUS should simply go

Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com]
"If you're so special, why aren't you dead?"

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]