RE: Generation of CHAP Secrets...

[Black_David@emc.com]

Bill,

> How will my endpoint determine the randomness of the CHAP key and
> therefor determine if the CHAP key is valid for the encryption level of
> the link ?  I am assuming by the requirement as stated that I have to
> test the CHAP secret for randomness to determine that there are really
> more than 96 bits of randomness in the secret, and if there are not, and
> the link is not encrypted reject the connection.

The randomness requirement is placed on the "administrative entity" which
is not the iSCSI protocol endpoint.  The CHAP secret does not have to
be checked for randomness *by the iSCSI endpoint* (good thing, as it's
not possible to check a bit string for a minimum amount of randomness if
one does not know how it was generated).  The thing that an iSCSI endpoint
SHOULD do is check the size of the CHAP secret if it can determine it (e.g.,
if an external RADIUS server is being used, an iSCSI endpoint may not know
the size of the CHAP secret being used to authenticate its peer):

   A compliant implementation SHOULD NOT continue with the login step in 
   which it should send a CHAP response (CHAP_R - Section 10.1.4 Chal-
   lenge Handshake Authentication Protocol (CHAP)) unless it can verify 
   that either the CHAP secret is at least 96 bits, or that IPsec 
   encryption is being used to protect the connection.

Also, please note the following related requirement:

	Implementations MUST NOT provide secret generation (or expansion)
	means other than random generation.

This text prohibits the "disastrous implementation shortcut"
that I warned about in a previous message.

Thanks,
--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449            FAX: +1 (508) 497-8018
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------