Christian Huitema wrote:
> both Steve Bellovin and I presented the issues with such
Is that presentation online available somewhere ? I find the
way to http://www3.ietf.org/proceedings/05aug/index.html but
then I'm lost.
> Basic challenge response mechanisms like CRAM-MD5 are simply
> too weak to be used on the Internet. They are subject to
> dictionary attacks, which can retrieve the password in a very
> short time.
For a password in the dictionary, and if somebody sees the
challenge and the response. With a somewhat unusual password
I wouldn't know how an attack works.
That's my real problem: If users or worse implementors don't
know how stuff works it's bad. What you end up with are some
hypothetical situations like this:
- a lottery with a cute crypto random algorithm, and everybody
thought that it's perfect. Turns out that it's useless if
the list of participants is published together with the
result of the lottery.
- a nice library where implementors use it as documented. A
few years later the IETF changes an obscure default in the
library, and again years later an IETF WG decides that the
implementations using the updated library are non-conforming
- an IETF ticket system where apparently nobody (and certainly
not me) knows precisely why it used to work with my browser
until summer 2005, but doesn't anymore
- ditto a famous bookshop where I ordered books securely for
years, and now I use their insecure interface, because the
former doesn't work anymore for me (only their server for
the secure icons, but bad enough to be unusable for orders)
- a browser test site by a CERT where nobody knows why their
test suite doesn't work with my browser (other test sites
find no problem).
- an IETF server where my browser tells me again and again that
the server certificate expired 1998 (the correct behaviour
for this situation as far as I can judge it), but I'm pretty
sure that it did work before
The good thing with CRAM-MD5 is that I know how it works, and
that I have at least some ideas about its limitations.
I'm not really interested to negotiate charsets (especially not
if it boils down to "do you want UTF-8 or give up?"), security
layers (for a mail submission), or hash algorithms (by picking
CRAM-MD5 that point is moot).
Ietf mailing list