On Thu, 24 Apr 2003, David Wagner wrote: > Michael Thumann wrote: > >4. Of course the psk must be weak to crack it in an acceptable amount of time > > What do you expect IPSec to do if you give it an insecure, guessable key? > Noone claimed it would be secure in such a situation. > > I find your recommendations hard to take seriously. This is not a > vulnerability in IPSec.... You seem to have missed the vulnerability. The vulnerability is *not* that, if you use a weak key, an attacker has a better chance of guessing it. The vulnerability is that you are giving away information that allows him to test his guesses on his own, rather than by using your system to test the keys. In the former case, you have no idea that an attack is occurring. In the later case, you can determine from the number of failed authentication attempts that an attack is likely occurring, and take measures (such as "locking" the account under attack, blocking that range of IP addresses, or making any request from that range fail whether the secret is correct or not). You can also greatly slow the rate at which the attacker can make guesses by controlling the rate at which you will respond to authentication requests. Keep in mind that, even if you use very secure keys, there is still a (small) chance that an attacker could guess your key anyway, just by trying random keys for a while. Having other methods in place, as well as secure key, will help in your defense. cjs -- Curt Sampson <cjs@cynic.net> +81 90 7737 2974 http://www.netbsd.org Don't you know, in this new Dark Age, we're all light. --XTC
