Bugtraq mailing list archives
Re: Cracking preshared keys
From: "Derek" <derekm () rogers com>
Date: Wed, 23 Apr 2003 23:30:31 -0400
Mitigation of this risk is to use, as long as practical, strong pre-shared keys, and to change them frequently. In Cisco IOS software, the PSK can be up to 128 characters in length. According to some estimates, one character carries from 1.3 to up to 4 bits of entropy. This means that the password can have, at maximum, anywhere from 166 to 512 bits of entropy. The length of the PSK should be determined by your security policy.

Just an interesting note about the above comment. By generating 93 bytes of "cryptographic calibre" randomness, and then base64 encoding it, you will have a password that has 744 (93*8) bits of entropy, but is 128 bytes long. If a more efficient encoding mechanism is used (one that uses the full valid character set on a Cisco, which I don't know personally) a larger key could potentially be generated.

If a strong key such as the one described above is used, according to some estimates, this will take a _very_ long time to brute force.

Cheers,
Derek
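
The key-generation approach from the message above, as an added example that is not part of the original post: it works out how many CSPRNG bytes fit a given character limit once base64 encoded (93 bytes encode to 124 characters, 96 bytes to exactly 128) and compares that with drawing characters uniformly from a larger alphabet. `ASSUMED_ALPHABET` and the function names are assumptions made for illustration; the set of characters a given device accepts in a PSK has to be checked against that device.

```python
import base64
import math
import secrets
import string

MAX_PSK_LEN = 128  # PSK length limit quoted in the thread

# Assumption: 94 printable ASCII characters. Replace with the set your
# device really accepts in a pre-shared key.
ASSUMED_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def max_bytes_for_base64(max_chars):
    """Largest number of raw bytes whose unpadded base64 form fits max_chars."""
    # Every 3 bytes become 4 characters; a trailing 1 or 2 bytes need
    # 2 or 3 characters, and a single leftover character encodes nothing.
    groups, spare = divmod(max_chars, 4)
    return groups * 3 + (spare - 1 if spare >= 2 else 0)


def base64_psk(n_bytes):
    """Return (key, entropy_bits) for n_bytes of CSPRNG output in base64."""
    raw = secrets.token_bytes(n_bytes)
    # '=' padding carries no entropy, so it is stripped.
    key = base64.b64encode(raw).decode("ascii").rstrip("=")
    return key, n_bytes * 8


def alphabet_psk(length, alphabet):
    """Return (key, entropy_bits) for characters drawn uniformly from alphabet."""
    chars = sorted(set(alphabet))  # duplicates would skew the distribution
    key = "".join(secrets.choice(chars) for _ in range(length))
    return key, length * math.log2(len(chars))


if __name__ == "__main__":
    for n in (93, max_bytes_for_base64(MAX_PSK_LEN)):
        key, bits = base64_psk(n)
        print(f"base64, {n} bytes: {len(key)} chars, {bits} bits")
    key, bits = alphabet_psk(MAX_PSK_LEN, ASSUMED_ALPHABET)
    print(f"{len(set(ASSUMED_ALPHABET))}-char alphabet: {len(key)} chars, {bits:.0f} bits")
```

The entropy figures hold only because every byte or character comes from the operating system's CSPRNG through `secrets`; a key typed by a person or derived from a word list falls back to the per-character estimates quoted earlier in the thread.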