RE: [Mip4] dynamic keys
Not clear on how this would practically work since the server side
(aaah) almost definitely will not have access to anything but verifying
a text username and password string (say to a MS domain server).
But, more importantly, there's a concern in the 802.11, wpa area that
touches on this:
http://wifinetnews.com/archives/002452.html
Jeremy
-----Original Message-----
From: Henrik Levkowetz [mailto:henrik@levkowetz.com]
Sent: Wednesday, February 11, 2004 5:06 AM
To: Jeremy A. Greene
Cc: mip4@ietf.org; aaa-wg@merit.edu
Subject: Re: [Mip4] dynamic keys
Tuesday 10 February 2004, Jeremy A. Greene wrote:
> Username/pw can be tied to their existing ones (like existing aaa pw
> or through MS domain etc.). And username/pws tend to be easier to
> remember and update. And an MD5 key is not the easiest thing to
> remember or type in. Anyway, it seems that it's a more traditional
> approach that people have already dealt with in one way or another.
> This seems like another thing to deal with.
I see no reason why a one-time username/password (or a pre-existing one,
if it is deemed strong enough), cannot be run through a hash function to
give you your initial AAAH-MN key. As long as the hash function is the
same at both ends, the entropy of the username/password used as input is
sufficient, and the method of distributing the username/password is
deemed secure enough for the application in hand, you're home free.
There's no reason to bother a user with entering a string of hex digits,
for instance.
Henrik
--
Mip4 mailing list
Mip4@ietf.org
https://www.ietf.org/mailman/listinfo/mip4
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
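
The derivation Henrik describes, as an added example that is not part of either message: both ends hash the same username/password into the initial AAAH-MN key, and an audit against a list of known-weak passwords checks the entropy condition he names. The use of MD5, the `username:password` encoding, the function names and all sample credentials are assumptions made for illustration; the PBKDF2 variant is a swapped-in technique, not something the thread proposes.

```python
import hashlib
import hmac

KEY_LEN = 16  # 128 bits, the size of an MD5 digest


def derive_plain(username: str, password: str) -> bytes:
    """One hash pass over the credentials (MD5 and the ':' join are assumed)."""
    return hashlib.md5(f"{username}:{password}".encode("utf-8")).digest()


def derive_stretched(username: str, password: str, realm: str,
                     iterations: int = 100_000) -> bytes:
    """Swapped-in alternative: PBKDF2-HMAC-SHA256, salted per realm and user.

    Each guess against the key costs `iterations` HMAC calls, not one hash.
    """
    salt = f"{realm}:{username}".encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def audit_key(username: str, key: bytes, weak_passwords):
    """Provisioning-time check: return the weak password that reproduces
    `key`, or None. A hit means the key is only as strong as that word."""
    for candidate in weak_passwords:
        if hmac.compare_digest(derive_plain(username, candidate), key):
            return candidate
    return None


# Constructed sample data, not taken from the thread.
USER = "mn1@example.net"
WEAK_LIST = ["password", "letmein", "winter2004", "mobileip"]

if __name__ == "__main__":
    # Mobile node and home AAA server derive independently and must agree.
    mn_key = derive_plain(USER, "winter2004")
    aaah_key = derive_plain(USER, "winter2004")
    print("keys match:", hmac.compare_digest(mn_key, aaah_key))
    print("weak password found:", audit_key(USER, aaah_key, WEAK_LIST))

    strong = derive_plain(USER, "T7#qv-Lm2!xRz09pWc")
    print("strong password found:", audit_key(USER, strong, WEAK_LIST))
```

The derivation is deterministic, so the resulting 128-bit key carries no more entropy than the password that produced it, whatever its length in hex digits.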