Bugtraq mailing list archives
Re: Cracking preshared keys
From: daw () mozart cs berkeley edu (David Wagner)
Date: 24 Apr 2003 00:08:32 GMT
Michael Thumann wrote:
we would like to announce the publication of a proof of concept paper 'PSK cracking using IKE Aggressive Mode'. Paper can be downloaded from www.ernw.de/download/pskattack.pdf .
[...]
4. Of course the psk must be weak to crack it in an acceptable amount of time
Well, what did you expect? In your example, the pre-shared key was derived from the ``secret'' string "cisco". Of course, if you choose a key that the attacker can guess, the system won't be secure. Surprise! What do you expect IPSec to do if you give it an insecure, guessable key? Noone claimed it would be secure in such a situation. I find your recommendations hard to take seriously. This is not a vulnerability in IPSec, a good reason to disable vpn access, or anything like that. Just use some common sense in how you use the crypto. If you must use pre-shared keys, choose strong keys; or, use public keys instead of pre-shared keying. Surely you agree? User: "Doctor, doctor, it hurts when I use insecure crypto keys." Doctor: "Don't do that, then."
Current thread:
- Cracking preshared keys Michael Thumann (Apr 23)
- Re: Cracking preshared keys Damir Rajnovic (Apr 23)
- Re: Cracking preshared keys Derek (Apr 24)
- Re: Cracking preshared keys Gary Flynn (Apr 24)
- Re: Cracking preshared keys Michael Thumann (Apr 24)
- Re: Cracking preshared keys Gary Flynn (Apr 24)
- Re: Cracking preshared keys Damir Rajnovic (Apr 23)
- Re: Cracking preshared keys David Wagner (Apr 24)
- Re: Cracking preshared keys Michael Thumann (Apr 24)
- Re: Cracking preshared keys Curt Sampson (Apr 25)
- Re: Cracking preshared keys Stefan Laudat (Apr 26)
- <Possible follow-ups>
- RE: Cracking preshared keys Rager, Anton (Anton) (Apr 24)
- Re: Cracking preshared keys hank (Apr 25)