Techly NewsGet the app

Get the latest tech news

New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere


Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right.

Unfortunately, MD5 proved to be based on a weak design: Within a few years, there were signs that the function might be more susceptible than originally thought to attacker-induced collisions, a fatal flaw that allows the attacker to generate two distinct inputs that produce identical outputs. Deprecation of MD5 didn’t start in earnest until 2012 after malware known as Flame, reportedly created jointly by the governments of Israel and the US, was found to have used a chosen prefix attack to spoof MD5-based code signing by Microsoft’s Windows update mechanism. More than 12 years after Flame's devastating damage was discovered and two decades after collision susceptibility was confirmed, MD5 has felled yet another widely deployed technology that has resisted common wisdom to move away from the hashing scheme—the RADIUS protocol, which is supported in hardware or software provided by at least 86 distinct vendors.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Year

Year

Photo of networks

networks

Photo of breaks

breaks

Related news:

News photo

Saudi Arabia is hosting the inaugural Esports Olympic Games next year

News photo

Buy a Microsoft Office 2021 license for Windows for $40 - lowest price of the year

News photo

52,000-year-old woolly mammoth chromosomes reconstructed from 'jerky-like' skin

« Wave begins delivery of fire-spewing engine with no moving parts
Three Mile Island Considers Nuclear Restart »