lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 26 Apr 2003 20:26:47 +0300 From: Stefan Laudat <stefan@...ldbank.ro> To: David Wagner <daw@...art.cs.berkeley.edu> Subject: Re: Cracking preshared keys > I find your recommendations hard to take seriously. This is not a > vulnerability in IPSec, a good reason to disable vpn access, or anything > like that. Just use some common sense in how you use the crypto. If you > must use pre-shared keys, choose strong keys; or, use public keys instead > of pre-shared keying. Surely you agree? Third option: there are some IPSEC implementations (such as Linksys' BEFVP41 vpn router) which blacklist the attacker's IP for a given amount of time when wrong PSK count overpasses a threshold. It takes an eternity to try many combinations though :) just my .02 eurocents -- Stefan Laudat CCNA & CCAI ------------- Marriage is the only adventure open to the cowardly. -- Voltaire
Powered by blists - more mailing lists