The Routing Over Large Clouds Mailing List Archive by date[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] Security aspects of NHRP
Since I missed the earlier discussions of ROLC, were there any discussion papers on the requirements and philosophy for the authentication aspects of the protocol? One of our security experts has had a brief look and asked questions I couldn't answer. He made some suggestions :- > RFC 1828 IP Authentication using Keyed MD5 > > Internet Draft Keyed MD5 for Message Authentication > (http://www.research.ibm.com/security/draft1.txt) > > Message Authentication with MD5 > (http://www.rsa.com/rsalabs/cryptobytes/spring95/md5.html) > > These references should at least be included in the draft. The draft is > suggesting that keyed MD5 be implemented as MD5(text,key), ie. the key > is appended to the text for hashing (prepending the key is known to be > weak). There are many ways to combine the key, and the Internet Draft > above suggests MD5(key,padding,MD5(key,padding,text)). I have about 10 > references to papers on the topic of keying MD5. If you would like a > summary of these papers to be presented to the working group... cheers, David David Horton Centre for Information Technology Research Level 2 South Tower, 339 Coronation Drive, Milton, Australia 4064 Email: d.horton@citr.uq.oz.au Phone +61 7 32592222 Fax +61 7 32592259 |
|