| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 14 Dec 2003 07:00:00 +0900 (JST) From: itojun@...jun.org (Jun-ichiro itojun Hagino) To: tls@....tjls.com Cc: fw@...eb.enyo.de, aadams@...urityfocus.com, bugtraq@...urityfocus.com Subject: Re: Insecure IKE Implementations Clarification > On Fri, Dec 12, 2003 at 11:00:31PM +0100, Florian Weimer wrote: > > Thor Lancelot Simon wrote: > > > > > For what it's worth, the possibility of this general type of attack was > > > repeatedly discussed in the IPsec working group and is a major reason > > > why XAUTH was abandoned. The particular password-stealing attack that I > > > describe as been widely discussed among IKE implementors for at least two > > > years; other implementors probably independently noticed it at least as > > > early as I did, which was three years ago. > > > > And we have technology deployed that solves exactly the same problem in > > a reasonable way: SSH. > > Yes and no. SSH is not, by itself, a network-layer encryption solution, > and there are many applications where that's really desirable. The other > issue is, of course, that SSH's model for authenticating host identities > is, itself, a mess: in this day and age, it is not acceptable to just > punt on the problem of first contact and pretend that users will reasonably > exchange key fingerprints offline. The widespread success of sniffing > and MITM attacks on the SSH protocol -- all due to users not doing what > the protocol, by omitting any means of using a hierarchy or web to validate > host keys, requires them to do -- should be proof enough of this. there are efforts; draft-ietf-secsh-dns-05.txt. itojun
Powered by blists - more mailing lists