SecurityFocus

Cracking preshared keys Apr 23 2003 10:35AM
Michael Thumann (mthumann ernw de) (2 replies)

Re: Cracking preshared keys Apr 24 2003 12:08AM
daw mozart cs berkeley edu (David Wagner) (3 replies)

Michael Thumann wrote:
>we would like to announce the publication of a proof of concept paper 'PSK
>cracking using IKE Aggressive Mode'. Paper can be downloaded from
>www.ernw.de/download/pskattack.pdf .
[...]
>4. Of course the psk must be weak to crack it in an acceptable amount of time

Well, what did you expect? In your example, the pre-shared key was
derived from the ``secret'' string "cisco". Of course, if you choose
a key that the attacker can guess, the system won't be secure. Surprise!

What do you expect IPSec to do if you give it an insecure, guessable key?
Noone claimed it would be secure in such a situation.

I find your recommendations hard to take seriously. This is not a
vulnerability in IPSec, a good reason to disable vpn access, or anything
like that. Just use some common sense in how you use the crypto. If you
must use pre-shared keys, choose strong keys; or, use public keys instead
of pre-shared keying. Surely you agree?

User: "Doctor, doctor, it hurts when I use insecure crypto keys."
Doctor: "Don't do that, then."

[ reply ]

Re: Cracking preshared keys Apr 26 2003 05:26PM
Stefan Laudat (stefan worldbank ro)

Re: Cracking preshared keys Apr 25 2003 04:34AM
Curt Sampson (cjs cynic net)

Re: Cracking preshared keys Apr 24 2003 07:31PM
Michael Thumann (mlthumann ids-guide de)

Re: Cracking preshared keys Apr 23 2003 07:46PM
Damir Rajnovic (gaus cisco com) (2 replies)

Re: Cracking preshared keys Apr 24 2003 03:30AM
Derek (derekm rogers com)

Re: Cracking preshared keys Apr 24 2003 01:10AM
Gary Flynn (flynngn jmu edu) (1 replies)

Re: Cracking preshared keys Apr 24 2003 07:46PM
Michael Thumann (mthumann ernw de) (1 replies)

Re: Cracking preshared keys Apr 24 2003 07:41PM
Gary Flynn (flynngn jmu edu)