Re: Cracking preshared keys

From: Michael Thumann (mlthumann@ids-guide.de)
Date: Thu Apr 24 2003 - 12:31:48 PDT

Next message: bugzillaat_private: "[Full-Disclosure] [RHSA-2003:118-01] Updated mICQ packages fix vulnerability"

Previous message: KF: "SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows."
In reply to: David Wagner: "Re: Cracking preshared keys"
Next in thread: Rager, Anton (Anton): "RE: Cracking preshared keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Noone was talkig about that IPSec isn't secure because of this attack 
scenario. We gave recommendations how to configure IPSec in a secure way 
with a proof of concept what might happen, if you don't. The described 
attack won't work too, if aggressive mode can be disabled as for example in 
Checkpoint FW-1, so it doens't depend only on a crackable PSK.

Using this attack every PSK is crackable, but good ones aren't crackable in 
an acceptable amount of time. I don't want to start another discussion 
about how to choose good password or preshared keys, I totally agree that 
you get a lot of security when you choose strong ones, but if you take a 
look at SANS TOP 20 ( http://www.sans.org/top20/ ) you can see that's still 
one of the most common problems in praxis.

So I think, that you can see that we don't have different point of views 
how to configure secure VPNs ;-)

At 00:08 24.04.03 +0000, David Wagner wrote:
>Michael Thumann  wrote:
> >we would like to announce the publication of a proof of concept paper 'PSK
> >cracking using IKE Aggressive Mode'. Paper can be downloaded from
> >www.ernw.de/download/pskattack.pdf .
>[...]
> >4. Of course the psk must be weak to crack it in an acceptable amount of 
> time
>
>Well, what did you expect?  In your example, the pre-shared key was
>derived from the ``secret'' string "cisco".  Of course, if you choose
>a key that the attacker can guess, the system won't be secure.  Surprise!
>
>What do you expect IPSec to do if you give it an insecure, guessable key?
>Noone claimed it would be secure in such a situation.
>
>I find your recommendations hard to take seriously.  This is not a
>vulnerability in IPSec, a good reason to disable vpn access, or anything
>like that.  Just use some common sense in how you use the crypto.  If you
>must use pre-shared keys, choose strong keys; or, use public keys instead
>of pre-shared keying.  Surely you agree?
>
>User: "Doctor, doctor, it hurts when I use insecure crypto keys."
>Doctor: "Don't do that, then."

----------------------------------------------------------------------------------------------------
Michael Thumann        mlthumann@ids-guide       www.ids-guide.de
Public Key available at http://www.ids-guide.de/MichaelThumann.asc
----------------------------------------------------------------------------------------------------
The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location...and i'm not
even too sure about that one
                                                                    --Dennis 
Huges, FBI.

Next message: bugzillaat_private: "[Full-Disclosure] [RHSA-2003:118-01] Updated mICQ packages fix vulnerability"
Previous message: KF: "SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows."
In reply to: David Wagner: "Re: Cracking preshared keys"
Next in thread: Rager, Anton (Anton): "RE: Cracking preshared keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 24 2003 - 14:38:51 PDT