Message-ID: <OFD2E83C9F.DB441C7B-ONC1256E78.002C76B9-C1256E78.002D29D4@wave-solutions.com>
From: christoph.gruber at wave-solutions.com (Christoph Gruber)
Subject: UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability

CISCO wrote on 12.04.2004 19:59:19:

> Summary
> 
>    Cisco LEAP is a mutual authentication algorithm that supports dynamic
>    derivation of session keys. With Cisco LEAP, mutual authentication relies
>    on a shared secret, the user's logon password - which is known by the client
>    and the network, and is used to respond to challenges between the user and
>    the Remote Authentication Dial-In User Service (RADIUS) server.
> 
>    As with most password-based authentication algorithms, Cisco LEAP is
>    vulnerable to dictionary attacks.

As everyone can read in every good book about crypto, challenge-response 
methods should use a piece of information called "salt" that prevents 
attacks from being performed that easily, because hashes with no salt 
always look the same, and you can prehash them.
Salted hashes cannot be calculated before an attack and are not ultimately 
safe, but are much harder to crack in real time (during an attack).
If the developers at CISCO had done their homework, that would have never 
happened.

Dear Josh, nice work, I regret that we didn't get our beers when we met 
last time.
 
-- 
Christoph Gruber, Security WAT1SE
WAVE Solutions Information Technology GmbH 
Nordbergstrasse 13, A - 1090 Wien, Austria
christoph.gruber@...e-solutions.com
Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3  C2DF 435A C85C 558E D42B
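
The point about salt made in the message above, as an added example that is not part of the original message or of Cisco's notice. SHA-256 and PBKDF2 stand in for the hash (this is not LEAP's actual algorithm), and the wordlist, user names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and two users sharing one password.
WORDLIST = ["letmein", "password", "cisco123", "summer2004"]
USERS = {"alice": "cisco123", "bob": "cisco123"}


def unsalted(password: str) -> bytes:
    """Unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).digest()


def salted(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash; the digest depends on the per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def build_table(words):
    """One-time precomputation (digest -> word), reusable against any user."""
    return {unsalted(w): w for w in words}


def verify(password: str, record) -> bool:
    """Check a login attempt against a stored (salt, digest) record."""
    salt, stored = record
    return hmac.compare_digest(salted(password, salt), stored)


def audit():
    """Compare how a precomputed table fares against both storage schemes."""
    table = build_table(WORDLIST)
    unsalted_db = {u: unsalted(p) for u, p in USERS.items()}
    salted_db = {}
    for user, pw in USERS.items():
        salt = os.urandom(16)  # fresh random salt per user
        salted_db[user] = (salt, salted(pw, salt))
    return {
        "unsalted_identical": unsalted_db["alice"] == unsalted_db["bob"],
        "unsalted_table_hits": sum(h in table for h in unsalted_db.values()),
        "salted_identical": salted_db["alice"][1] == salted_db["bob"][1],
        "salted_table_hits": sum(h in table for _, h in salted_db.values()),
        "salted_db": salted_db,
    }
```

A weak password remains guessable per target even with a salt; the salt only removes the reuse of work done before the attack.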

