RE: PKI and RADIUS


C (michael.bauer@guidant.com)
Wed, 24 Feb 1999 14:47:44 -0600


Hi, Ge'.

> -----Original Message-----
> From: Ge' Weijers [SMTP:ge@progressive-systems.com]
> Sent: Wednesday, February 24, 1999 1:31 PM
> To: Bauer, Michael (C)(STP)
> Subject: Re: PKI and RADIUS
>
> On Tue, Feb 23, 1999 at 09:59:43AM -0600, Bauer, Michael (C)(STP) wrote:
> > At any rate there's gotta be a better (or at least cheaper but equally
> > strong) way to authenticate users for dial-up or VPN than hard tokens.
>
> Hard tokens provide one thing not available in software-only
> solutions: the credentials are hard to copy. PK crypto and
> certificates don't buy you much by themselves. Digital certificates
> can be stolen surreptitiously from a laptop's hard disk, and an
> offline dictionary attack on the encrypted private key is likely to
> succeed.
>
Even if the passphrase for the private key is well-chosen? (Like, minimum
length of 15 chars. plus the mandatory mixing of upper/lower case &/or
non-alpha chars.? That could be enforceable in the key-generation sw.) Is
it really a given that breaking the protection on the private key is
trivial? (Here come the flames...)

I agree that storing the certificate/private-key on a hard drive is the weak
piece of the picture. Still, in certain applications it might be an
acceptable risk: for example, in a dial-up scenario, where your main
concern is "random hackers from the void" rather than, say, untrusted
insiders (consultants, like me ;-) with access to trusted users' machines,
or corporate spies following users around in airports waiting for the
opportunity to pilfer a laptop system. I'm talking about Joe Businessman,
here, not government/military users.

> In short: you may be better off just using passwords, especially if
> you use an authentication method that does not leak any information
> about the password.
>
> Bruce Schneier made a passing reference to a product he had audited
> that provided something like 'software tokens'. You'd need both the
> 'token' and a secret password to gain access, and offline attacks are
> supposedly impossible. He could not discuss the internals yet because
> he signed an NDA. I wonder whether it's available by now....
>
I've evaluated a couple of "soft tokens" (Axent's & Security Dynamics'). In
terms of usability, the tokens themselves were O.K. (Axent's is actually
very easy to use, hopefully not so easy to crack) -- the back ends (server
software) were the problem. For a small-to-medium business that wants to
provide VPN access to a few users, the learning curve (& cost) associated
with ACE/Server or Axent DSS is unjustifiably steep. Obviously, though,
even a smaller business shouldn't be using plain old static
username/password combos for VPN authentication (or even regular dial-up,
IMHO), so that's why I'm looking for alternatives. (Sigh. Maybe there
aren't any, and I'm doomed to implement ACE/Server everywhere I go... It
isn't that I _hate_ ACE/Server, I just don't always think it's the best tool
for the job.)

Regards and thanks,

Mick Bauer
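As an added illustration of the passphrase policy sketched in the message above (not code from the thread or from either correspondent), the following Python checks a candidate passphrase against those stated rules (15 characters minimum, mixed case and/or non-alphabetic characters) and then puts a rough upper bound on how long an offline exhaustive search of an encrypted private key would take. The guess rates and KDF iteration counts are constructed assumptions for the demonstration, not measurements, and the keyspace figure is an upper bound that overstates the entropy of passphrases built from dictionary words.

```python
import math
import string

# Policy rules as stated in the message (assumed, not a standard):
# at least 15 characters, with mixed case and/or non-alphabetic characters.
MIN_LENGTH = 15

# Character-class sizes for a conservative brute-force keyspace estimate.
CLASS_SIZES = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "symbol": 33,  # printable ASCII punctuation plus space
}


def character_classes(passphrase):
    """Return the set of character classes present in the passphrase."""
    classes = set()
    for ch in passphrase:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def policy_violations(passphrase):
    """Check the passphrase against the policy; an empty list means it passes."""
    violations = []
    if len(passphrase) < MIN_LENGTH:
        violations.append("shorter than %d characters" % MIN_LENGTH)
    classes = character_classes(passphrase)
    mixed_case = {"lower", "upper"} <= classes
    non_alpha = bool(classes & {"digit", "symbol"})
    if not (mixed_case or non_alpha):
        violations.append("needs mixed case and/or non-alphabetic characters")
    return violations


def keyspace_bits(passphrase):
    """Upper bound on entropy: length * log2(size of the union of classes used).

    This is what a naive brute-force attacker faces; a dictionary attack on a
    phrase made of common words needs far fewer guesses than this suggests.
    """
    if not passphrase:
        return 0.0
    alphabet = sum(CLASS_SIZES[c] for c in character_classes(passphrase))
    return len(passphrase) * math.log2(alphabet)


def expected_crack_years(bits, raw_guesses_per_second, kdf_iterations):
    """Expected time to find the key by exhaustive search.

    On average half the keyspace is searched, and each guess costs
    kdf_iterations hash operations, so key stretching divides the
    attacker's effective guess rate by that factor.
    """
    effective_rate = raw_guesses_per_second / kdf_iterations
    seconds = 2 ** (bits - 1) / effective_rate
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample inputs; the guess rate is an assumed figure.
    assumed_rate = 1e9  # raw hash guesses per second, assumption only
    for candidate in ["abcdefghijklmno", "Correct-Horse-Battery", "Guidant99"]:
        bits = keyspace_bits(candidate)
        problems = policy_violations(candidate) or ["passes policy"]
        print("%-24s %5.1f bits  %s" % (candidate, bits, "; ".join(problems)))
        for iterations in (1, 1000, 100000):
            years = expected_crack_years(bits, assumed_rate, iterations)
            print("    KDF iterations=%-7d -> %.3g years" % (iterations, years))
```

The third column in the output shows why per-guess cost matters as much as length: the same passphrase becomes orders of magnitude more expensive to attack offline when the private key is wrapped with a stretched KDF rather than a single hash, which is the knob a key-generation tool can turn in addition to enforcing the policy.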



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28