Bugtraq mailing list archives

Re: Cracking preshared keys

From: Gary Flynn <flynngn () jmu edu>
Date: Thu, 24 Apr 2003 15:41:01 -0400



Michael Thumann wrote:

To get the XAUTH based authentication information (that is the partwhere the RADIUS Server is involved) you must start a man in the middleattack and this MITM attack is only possible when you've already crackedthe preconfigured preshared key and when you are in physical position toperform a MITM attack (that's really not too easy).
Hope that helps ;-


I'm not sure that XAUTH is the same as the "IKE Shared Secret AAA".
I got the impression from the Cisco docs that with the latter,
either the Radius password or something derived from it was used to
create the shared key for the initial Diffie-Hellman exchange.

I've documented my (probably faulty) understanding of the
process here:

http://www.jmu.edu/computing/security/vpnauth.shtml

Thanks for any clarity you can lend.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

Current thread:

Cracking preshared keys Michael Thumann (Apr 23)
- Re: Cracking preshared keys Damir Rajnovic (Apr 23)
  - Re: Cracking preshared keys Derek (Apr 24)
  - Re: Cracking preshared keys Gary Flynn (Apr 24)
    - Re: Cracking preshared keys Michael Thumann (Apr 24)
    - Re: Cracking preshared keys Gary Flynn (Apr 24)
- Re: Cracking preshared keys David Wagner (Apr 24)
  - Re: Cracking preshared keys Michael Thumann (Apr 24)
  - Re: Cracking preshared keys Curt Sampson (Apr 25)
  - Re: Cracking preshared keys Stefan Laudat (Apr 26)
- <Possible follow-ups>
- RE: Cracking preshared keys Rager, Anton (Anton) (Apr 24)
- Re: Cracking preshared keys hank (Apr 25)