Re: Cracking preshared keys

[Curt Sampson <cjs () cynic net>]

On Thu, 24 Apr 2003, David Wagner wrote:

> Michael Thumann  wrote:
> > 4. Of course the psk must be weak to crack it in an acceptable amount of time
>
> What do you expect IPSec to do if you give it an insecure, guessable key?
> Noone claimed it would be secure in such a situation.
>
> I find your recommendations hard to take seriously.  This is not a
> vulnerability in IPSec....

You seem to have missed the vulnerability. The vulnerability is *not* that,
if you use a weak key, an attacker has a better chance of guessing it. The
vulnerability is that you are giving away information that allows him to
test his guesses on his own, rather than by using your system to test the
keys.

In the former case, you have no idea that an attack is occurring. In the
later case, you can determine from the number of failed authentication
attempts that an attack is likely occurring, and take measures (such as
"locking" the account under attack, blocking that range of IP addresses,
or making any request from that range fail whether the secret is correct
or not). You can also greatly slow the rate at which the attacker can
make guesses by controlling the rate at which you will respond to
authentication requests.

Keep in mind that, even if you use very secure keys, there is still a
(small) chance that an attacker could guess your key anyway, just by
trying random keys for a while. Having other methods in place, as well
as secure key, will help in your defense.

cjs
-- 
Curt Sampson  <cjs () cynic net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC