The User-Password Cipher Scheme
The way in which the User-Password
attribute is handled, on a very
general basis, is known as a stream cipher. A stream
cipher
is an encryption method that works with
continuous streams of input, which is usually a stream of plain-text
bits rather than fixed blocks; its opposite is a block
cipher
, which is an
encryption method that processes input in fixed blocks of input,
which are typically 64- or 128-bits long. A stream cipher generates a
keystream
,
and this is used in the encryption: when you combine this
keystream with the plain-text input stream using
the XOR operation, the contents of the stream are encrypted. The
generation of the keystream can be independent
of the plain text and
ciphertext
,
yielding what is termed a synchronous stream cipher, or it can depend
on the data and its encryption, in which case the stream cipher is
said to be self-synchronizing.
In the User-Password scheme, the first 16 octets act as a synchronous stream cipher, since the plain text input is independent of the keystream. However, after the first 16 octets, the keystream integrates the previous plain-text input and now becomes self-synchronizing. While this may seem overtly technical, the security of this cipher is questionable: the RADIUS protocol specification doesn’t make clear what the requirements are for this cipher. MD5 hashes are generally meant to be cryptographic hashes, not stream ciphers. There may be a security problem in this possible misuse. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access