Re: vac-wg Skeletal framework for the protocol

Christopher Oliver (oliver@fritz.co.traverse.com)
Fri, 6 Oct 1995 00:56:38 -0400 (EDT)

Unless there is some amazing news regarding MD5, I have trouble
seeing the hole.

Quick summary:

Passwords are XORed with md5( concat(vect, secret) ).
Unless the choice of vect predictably restricts the possible
hash values, the hash cannot be determined since secret
is not publicised, nor can the hash be inverted given the
password in order to reveal the secret.

Authentication packets are signed by replacing vect with
md5( concat(packet, secret) ) where vect is initialized with
the value of the vect in the query packet prior to hashing.
Alteration of the reply requires forging the hash or finding
a desired alteration which preserves the hash. Both are
infeasible by arguments similar to the above.

If there are results where one can predict

md5( concat(A, B, C) ) from md5( concat(A, B) ), A, B, and C,

or a strong statement relating

md5( A ) and md5( f(A) ) where f induces some minimal change
(perturb a single bit) on A,

or even a feasible method for determining an arbitrary small set
of bits of an MD5 hash given the remaining bits, then I'd believe
there's a hole. Such vulnerabilities would make MD5 useless in
many of its current applications. If the guy is unhappy with the
shared secret, I think that patents and ITAR prevent easy adoption
of the "other" solutions.

Regards,

-- 
Christopher Oliver                     Traverse Communications
Systems Coordinator                    223 Grandview Pkwy, Suite 108
oliver@traverse.com                    Traverse City, Michigan, 49684
'tis an ill wind that blows no minds.
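The password hiding and reply signing summarised in the message above, written out as an added example that is not part of the original post. The fixed vect value, the zero-padding of the password to the 16-byte MD5 output length, and the "vect field followed by body" reply layout are my assumptions.

```python
import hashlib
import hmac

# Constructed example of the scheme summarised in the post, not the author's
# code. Assumed: passwords are zero-padded to the 16-byte MD5 output length,
# and a reply packet is laid out as "vect field || body" with vect first.

def hide_password(password: bytes, vect: bytes, secret: bytes) -> bytes:
    """XOR the zero-padded password with md5(concat(vect, secret))."""
    assert len(vect) == 16 and len(password) <= 16
    padded = password.ljust(16, b"\x00")
    mask = hashlib.md5(vect + secret).digest()
    return bytes(p ^ m for p, m in zip(padded, mask))

def reveal_password(hidden: bytes, vect: bytes, secret: bytes) -> bytes:
    """XOR is its own inverse: only a holder of secret recovers the password."""
    mask = hashlib.md5(vect + secret).digest()
    return bytes(h ^ m for h, m in zip(hidden, mask)).rstrip(b"\x00")

def sign_reply(body: bytes, request_vect: bytes, secret: bytes) -> bytes:
    """Reply vect = md5(concat(packet, secret)), with the packet's vect field
    holding the query's vect while the hash is computed."""
    packet = request_vect + body
    return hashlib.md5(packet + secret).digest()

def verify_reply(reply_vect: bytes, body: bytes, request_vect: bytes, secret: bytes) -> bool:
    """Recompute the reply signature; constant-time compare avoids leaking
    how many leading bytes matched."""
    return hmac.compare_digest(reply_vect, sign_reply(body, request_vect, secret))

# Constructed sample values (not real credentials or captured traffic).
SECRET = b"shared-secret-example"
VECT = bytes(range(16))            # fixed 16-byte query vect, for reproducibility
PASSWORD = b"hunter2"
REPLY_BODY = b"\x02\x01\x00\x14"   # constructed reply body bytes

def round_trip() -> dict:
    """Run the scheme end to end and report the checks a verifier would make."""
    hidden = hide_password(PASSWORD, VECT, SECRET)
    sig = sign_reply(REPLY_BODY, VECT, SECRET)
    return {
        "hidden_len": len(hidden),
        "revealed": reveal_password(hidden, VECT, SECRET),
        "genuine_ok": verify_reply(sig, REPLY_BODY, VECT, SECRET),
        # any change to the reply body invalidates the signature
        "tampered_ok": verify_reply(sig, REPLY_BODY + b"\x00", VECT, SECRET),
        # a reply bound to a different query vect is rejected as well
        "wrong_vect_ok": verify_reply(sig, REPLY_BODY, bytes(16), SECRET),
    }
```

Both checks in `round_trip` rely on the recipient knowing `secret`; a party without it can neither unmask the password nor produce a valid reply vect, which is the point the message argues.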