lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 24 Apr 2003 20:31:48 +0100
From: Michael Thumann <mlthumann@...-guide.de>
To: daw@...art.cs.berkeley.edu (David Wagner),
	bugtraq@...urityfocus.com
Subject: Re: Cracking preshared keys


Noone was talkig about that IPSec isn't secure because of this attack 
scenario. We gave recommendations how to configure IPSec in a secure way 
with a proof of concept what might happen, if you don't. The described 
attack won't work too, if aggressive mode can be disabled as for example in 
Checkpoint FW-1, so it doens't depend only on a crackable PSK.

Using this attack every PSK is crackable, but good ones aren't crackable in 
an acceptable amount of time. I don't want to start another discussion 
about how to choose good password or preshared keys, I totally agree that 
you get a lot of security when you choose strong ones, but if you take a 
look at SANS TOP 20 ( http://www.sans.org/top20/ ) you can see that's still 
one of the most common problems in praxis.

So I think, that you can see that we don't have different point of views 
how to configure secure VPNs ;-)

At 00:08 24.04.03 +0000, David Wagner wrote:
>Michael Thumann  wrote:
> >we would like to announce the publication of a proof of concept paper 'PSK
> >cracking using IKE Aggressive Mode'. Paper can be downloaded from
> >www.ernw.de/download/pskattack.pdf .
>[...]
> >4. Of course the psk must be weak to crack it in an acceptable amount of 
> time
>
>Well, what did you expect?  In your example, the pre-shared key was
>derived from the ``secret'' string "cisco".  Of course, if you choose
>a key that the attacker can guess, the system won't be secure.  Surprise!
>
>What do you expect IPSec to do if you give it an insecure, guessable key?
>Noone claimed it would be secure in such a situation.
>
>I find your recommendations hard to take seriously.  This is not a
>vulnerability in IPSec, a good reason to disable vpn access, or anything
>like that.  Just use some common sense in how you use the crypto.  If you
>must use pre-shared keys, choose strong keys; or, use public keys instead
>of pre-shared keying.  Surely you agree?
>
>User: "Doctor, doctor, it hurts when I use insecure crypto keys."
>Doctor: "Don't do that, then."

----------------------------------------------------------------------------------------------------
Michael Thumann        mlthumann@...-guide       www.ids-guide.de
Public Key available at http://www.ids-guide.de/MichaelThumann.asc
----------------------------------------------------------------------------------------------------
The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location...and i'm not
even too sure about that one
                                                                    --Dennis 
Huges, FBI.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ