Fangliang (Leon, ICSL) wrote on 23.01.2015 at 08:54:
> The current Key Localization Algorithm has an obvious vulnerability. We never
> see such a cryptographic algorithm defect in other widely used protocols. Hacker
> communities have mentioned the current key localization method as a loophole,
> and plan to exploit the vulnerability or publish it to CVE.

To me, your statement seems to exaggerate the issue: The problem is simply that passwords A...A consisting of repetitions of an expression A result in the same key as passwords with fewer repetitions. However, the entropy gained by repetitions is quite low, and if a user chooses the password "bertbert", she cannot expect it to be much more difficult to guess than if it was "bert". Thus, the fact that the attacker succeeds as soon as he guesses "bert" is just a gradual amplification of an issue that exists outside the cryptographic method. And as others have pointed out, it is common sense that choosing such passwords A...A is poor practice.

I don't mean to say that the issue is completely irrelevant, but just that it is not as severe as your post seems to imply. And given the difficulties involved with a potential change, I doubt that it is worth it.

That said, I suggest including a warning in the security considerations of draft-hmac-sha-2-usm-snmp pointing to this issue and recommending (generally) to use sufficiently strong passwords. RFC 3414 already contains such a caveat but repeating it in the new specification might help to draw attention to it.

--
Johannes

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
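
Added example, not part of the original message and not code from RFC 3414 or the draft: a Python sketch of the RFC 3414 password-to-key and key localization steps, showing that "bert" and "bertbert" derive the same localized key, plus a policy check that flags such passwords at provisioning time. The function names, the `repeated_unit` helper and the sample engine ID are assumptions made for illustration.

```python
import hashlib

STREAM_LEN = 1048576  # RFC 3414 A.2: octets of repeated password fed to the hash


def password_to_key(password: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Derive the localized key Kul from a password (RFC 3414 section 2.6 / A.2)."""
    if not password:
        raise ValueError("password must not be empty")
    # Step 1: repeat the password cyclically up to 1 MiB, truncate, and hash -> Ku.
    copies = STREAM_LEN // len(password) + 1
    ku = hashlib.new(hash_name, (password * copies)[:STREAM_LEN]).digest()
    # Step 2: localize to one engine: Kul = H(Ku || snmpEngineID || Ku).
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def repeated_unit(password: str):
    """Return the shortest unit A if password is A repeated 2+ times, else None.

    Hypothetical policy helper: such a password expands to the same 1 MiB
    stream as A alone, so it derives the same key as the shorter password.
    """
    if not password:
        return None
    # A string is a whole-number repetition of a shorter unit exactly when it
    # reappears inside its own doubling before offset len(password).
    period = (password + password).find(password, 1)
    return password[:period] if period < len(password) else None


if __name__ == "__main__":
    engine_id = bytes.fromhex("000000000000000000000002")  # sample engine ID
    for pw in ("bert", "bertbert", "bertbertbert", "berta"):
        key = password_to_key(pw.encode(), engine_id)
        print(f"{pw:14} unit={repeated_unit(pw)!s:5} Kul={key.hex()}")
```

A provisioning script can call `repeated_unit` before accepting a new USM password and judge the password's strength by the returned unit rather than by the full string.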
