CISCO PIX Vulnerability

From: Damir Rajnovic (Damir.Rajnovicat_private)
Date: Wed Jun 03 1998 - 07:24:50 PDT

Next message: Matthias Urlichs: "Re: pingflood.c"

Previous message: David Wagner: "Re: CISCO PIX Vulnerability"
Next in thread: David Wagner: "Re: CISCO PIX Vulnerability"
Maybe reply: David Wagner: "Re: CISCO PIX Vulnerability"
Reply: Damir Rajnovic: "Re: CISCO PIX Vulnerability"
Reply: Damir Rajnovic: "Re: CISCO PIX Vulnerability"
Reply: Rick Smith: "Re: CISCO PIX Vulnerability"
Reply: Jamie Thain: "Re: CISCO PIX Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

Hello there,

Additional details regarding CISCO's Field Notice -
PIX Private Link Key Processing and Cryptography Issues

CISCO PIX Private Link feature uses DES key that is only 48 bits in length.
It is not obvious straight away since key is internally expanded from
7-bytes (as entered in command line) to 8-bytes that is used by DES. If
you dig into that expansion algorithm you'll find that third byte, counting
from the right, is not used at all. This is how key is expanded:

#!/usr/local/bin/perl
# Key used by DES
@key_data=( 0, 0, 0, 0, 0, 0, 0, 0 );
# Key entered in LINK statement
@key_in = ( 0x00, 0x00, 0x00, 0x00, 0x00, 0xda, 0xaa );

# Key expansion algorithm
$byte = ($key_in[6] & 0x3F) << 2;
$key_data[6] |= $byte;
$byte = ($key_in[6] & 0xC0) >> 5;
$key_data[5] |= $byte;

$byte = ($key_in[5] & 0x7F) << 1;
$key_data[7] = $byte;
$byte = ($key_in[5] & 0x80) >> 6;
$key_data[6] |= $byte;
#
# Byte 4 (from left) seems to be ignored
#
$byte = ($key_in[3] & 0x01) << 7;
$key_data[1] |= $byte;
$key_data[0] = ($key_in[3] & 0xFE );

$byte = $key_in[2] & 0x03;
$key_data[2] |= ($byte << 6);
$byte = ($key_in[2] & 0xFC) >> 1;
$key_data[1] |= $byte;

$byte = $key_in[1] & 0x07;
$key_data[3] |= ($byte << 5 );
$byte = $key_in[1] & 0xF8;
$key_data[2] |= ($byte >> 2);

$byte = $key_in[0] & 0x0F;
$key_data[4] |= ($byte << 4);
$byte = $key_in[0] & 0xF0;
$key_data[3] |= ($byte >> 3);
#
# Now you can use key in @key_data for encryption

Apparently, knowing what bits are fixed will not bring attacker 
any additional 'gain' in breaking a DES. At least I was told that by 
people from sci.crypt group.

Another thing is that PIX is using DES in ECB mode. CISCO admits that
"....ECB is not generally considered to be the best mode in which to 
employ DES,...." but you'll have to live with it. CISCO will not fix
that so you'll have to buy future IPSEC/IKE products.

Cheers,

Gaus


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQCVAwUBNXUJgMAFeq0PniW5AQGQXAP9Gj7AvwHtvzgv0FlAVIOfRlHCWKN+APdM
VsGfvPKXxxkZbmJKu/27J0mChsx7Kp60TXWMATiaosVHSBVYpm5vQ8B1ljF9GZtz
FJcuo/wN746coNaQSHiJv4jytun7VzmG6/gJF3O746GrAMhzj2VTeSvUlGMVx2a0
NlNhH7HJ8Yo=
=ow3T
-----END PGP SIGNATURE-----

---------------------------------------------------------------
EuroCERT				tel: (+44 1235) 822 382
c/o UKERNA                              fax: (+44 1235) 822 398
Atlas Centre
Chilton, Didcot
Oxfordshire OX11 0QS, UK

Next message: Matthias Urlichs: "Re: pingflood.c"
Previous message: David Wagner: "Re: CISCO PIX Vulnerability"
Next in thread: David Wagner: "Re: CISCO PIX Vulnerability"
Maybe reply: David Wagner: "Re: CISCO PIX Vulnerability"
Reply: Damir Rajnovic: "Re: CISCO PIX Vulnerability"
Reply: Damir Rajnovic: "Re: CISCO PIX Vulnerability"
Reply: Rick Smith: "Re: CISCO PIX Vulnerability"
Reply: Jamie Thain: "Re: CISCO PIX Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:44 PDT