Re: [Announce]: axspawn PAM with MD2, MD5, SHA1, RIPEMD160 and ARC4.

From: Luis Yanes (terhi.victor@logonet.com)
Date: Mon Mar 19 2001 - 02:27:33 EET


    M Taylor wrote:
    >
    > Regardless of the legal status (MD2 being a trademark of RSA Security is,
    > I believe, the only restriction. It is not a trade secret, and I don't
    > know of any patents for it.) MD2 has not been recommended for new deployment
    > since 1996 by RSA Labs. (ftp://ftp.rsasecurity.com/pub/pdfs/bulletn4.pdf)
    >
    > MD5 is freely available to the best of my knowledge (RFC 1321). Newly
    > developed systems are not recommended to use it.

    Both are just there to support old software. Please note that none of the
    crypto libraries are included in the package, and you don't need to
    compile it with all of them. The package only has support for these functions,
    but doesn't include them. Certainly MD2 shouldn't have been chosen for
    this purpose, but at the time the access filters were done it seems that
    these concerns weren't in the minds of the coders. Now it is a fact that
    packet radio terminal programs in current use only support MD2 or MD5.
    I don't know of any that support others, nor public key. (Pointers welcomed.)
     
    > SHA1 is freely available from
    > <http://csrc.nist.gov/encryption/tkhash.html>. There are not
    > trademark/patent/trade secret restrictions on using SHA-1.
    >
    > RIPEMD160 <http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html> is not
    > patented.

    I just added support for these because they were free and I had the libraries.
     
    > ARC4 (alleged RC4) is a hornet's nest. It is considered to be derived from an
    > escaped copy of RC4, which was originally protected by US trade secret laws. It is
    > also a stream cipher, not a hashing algorithm.

    :-> Don't think that this will sting! The trade secret holders
    maintain that ARC4 isn't RC4. ARC4 is supposed to be compatible (the same)
    and is free. RC4 is a trademark and can't be used without paying a
    license. But I don't want to start a war on this. I'm sure that we
    won't be sued for using it.

    Although RC4 is a stream cipher, it can also be used for authentication.
    The way I used it is just to ask for the stream cipher output given the
    passphrase and the IV. No secret data are transferred, since the plain
    text is known (nuls), and it won't leak any valuable info to an adversary
    in this application. (Although this can't be known to a third party.)
    I added the possibility of authentication with ARC4 just because it came
    for free, since it was already used for the passphrase change.

    > Of course, I suspect any of the above may be "offensive" to various
    > nations' amateur radio laws where ciphers, secret codes, or anything that
    > obscures the meaning, is to be banned.

    I agree. Although MD2 and MD5 have been in use for packet radio for a
    long time now. And in an isolated system there simply isn't any way
    of changing the passphrase securely without exchanging secret code.
     
    > What is needed is a challenge-response system, quite possibly using
    > public-key based digital signatures, where a random text is given, and
    > the response is to return that random text signed. This method does not
    > obscure anything, and any other amateur or government authority can
    > clearly see what is happening. Either DSS (DSA) or RSA could be used.
    > RSA is no longer patented in the USA.

    I agree again. But in real life at the time, this is just the same.
    Public keys aren't known publicly for most systems, nor will any trusted
    third party hold them that could be reached from a nearly
    isolated packet radio system. So at least they must be sent securely (to
    assure a trusted origin).

    Of course, as said before, a public key scheme is better even for
    isolated systems. I just did what I needed to make it work with the
    old software I had, and with what I knew. I think of it as another
    slow step towards a better system. I have never coded a public key
    scheme before, so you can call me lazy. ;-)

    I appreciate your comments very much, and of course further discussion
    about the future directions and present solutions will be welcomed.

    -- 
    73's de Luis
    

    mail: melus0(@)teleline(.)es Ampr: eb7gwl.ampr.org http://www.terra.es/personal2/melus0/ <- PCBs for Homebrewed Hardware



