Hello Nitish, As you mentioned, RFC 7143 (iSCSI) references RFC 1994 (PPP CHAP) and both require that algorithm 5 (MD5) be implemented. But, RFC 1994 also states that up-to-date values are specified as assigned numbers (calling out RFC 1700). RFC 1700 was obsoleted by RFC 3232, which established a separate IANA database for assigned numbers.
If you look up the PPP Authentication Algorithms in the IANA database, you can see the assignments for SHA-1, SHA-256 and SHA3-256. https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9 Maurizio Lombardi and myself from Red Hat worked with David Black to get these assigned numbers from IANA, and then implemented the Open-iSCSI and Linux kernel target support. The need at the time was to provide an option for FIPS compliant algorithms in environments where MD5 is not allowed to be used. I hope this helps! - Chris Leech On Mon, Aug 4, 2025 at 6:02 AM KUMAR NITISH <[email protected]> wrote: > > Hi, > > This mail is regarding usage of algorithms SHA1, SHA2 and SHA3 with iSCSI for > CHAP authentication. > RFC 1994 mentions support for only the MD5 algorithm, I have copied the RFC > excerpt below. > > "The Algorithm field is one octet and indicates the authentication method to > be used. > Up-to-date values are specified in the most recent "Assigned Numbers" [2]. > One value is required to be implemented: 5 CHAP with MD5 [3]" > > Clearly the RFC does not mention other values that map to SHA1, SHA2 and SHA3. > But I see open-iscsi and scst-iscsi implementations have used values 6, 7, 8 > for these algorithms. > > open-iscsi : auth.c > AUTH_CHAP_ALG_MD5 = 5, > AUTH_CHAP_ALG_SHA1 = 6, > AUTH_CHAP_ALG_SHA256 = 7, > AUTH_CHAP_ALG_SHA3_256 = 8, > > iscsi-scst : chap.c > #define CHAP_DIGEST_ALG_MD5 5 > #define CHAP_DIGEST_ALG_SHA1 6 > #define CHAP_DIGEST_ALG_SHA256 7 > #define CHAP_DIGEST_ALG_SHA3_256 8 > > Can someone please share details on how open-iscsi and iscsi-scst > implementations decided to use these numbers? > Is this covered in any specification/RFC, how would targets or other OSes > know the value to be used? > Please share any document references. > > Thanks, > Nitish > > -- > You received this message because you are subscribed to the Google Groups > "open-iscsi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/d/msgid/open-iscsi/CAGEDioPc0UQMtrXr4fLQbedDT4cja5WPcLV-cU6Nn-C34TNHsw%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/open-iscsi/CAPnfmXKH%2B7c1%3D1az%2BroCwp1Kw3rRWO9TC-9rGLVP-8C6gMpbTA%40mail.gmail.com.
