[strongSwan] Implications of Weak DH / Logjam on IPSec
Gerd v. Egidy
lists at egidy.de
Thu May 21 14:27:34 CEST 2015
Hi Martin,
thanks for your detailed answer.
> > What happens if you use RSA keys instead of PSK? I guess the attacker
> > now also needs to crack them before he can get at the session keys,
> > correct?
>
> No. With RSA authentication in IKEv1, or any authentication method in
> IKEv2, the long-term credentials are used for authentication only. So if
> you manage to break MODP1024, the protocol is broken. If you can compute
> the shared DH secret from the public values, you can derive all keymat
> as a passive attacker.
Ouch. So the use of MODP1024 should be phased out soon. Unfortunately a bunch
of routers only support MODP1024 and nothing else :(
Kind regards,
Gerd
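
The point made in the quoted reply, shown for IKEv2 as an added example (not part of the thread and not strongSwan code): the IKE SA key derivation from RFC 7296 takes only the nonces, the SPIs and the DH shared secret, so no RSA key or PSK enters the key material. Assumptions: PRF_HMAC_SHA2_256, key lengths for AES-128 with HMAC-SHA2-256-128, and a constructed toy DH group standing in for MODP1024.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (NOT a real IKE group): 2**127 - 1 is prime, g = 3.
P, G = 2**127 - 1, 3
P_LEN = (P.bit_length() + 7) // 8


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ (RFC 7296, 2.13): T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]


def ike_sa_keys(ni, nr, spi_i, spi_r, dh_secret: int) -> dict:
    """RFC 7296, 2.14. No certificate, RSA key or PSK is an input here."""
    g_ir = dh_secret.to_bytes(P_LEN, "big")  # padded to the modulus length
    skeyseed = prf(ni + nr, g_ir)
    layout = [("SK_d", 32), ("SK_ai", 32), ("SK_ar", 32),
              ("SK_ei", 16), ("SK_er", 16), ("SK_pi", 32), ("SK_pr", 32)]
    stream = prf_plus(skeyseed, ni + nr + spi_i + spi_r,
                      sum(n for _, n in layout))
    keys, off = {}, 0
    for name, n in layout:
        keys[name] = stream[off:off + n]
        off += n
    return keys


def demo() -> tuple:
    # Everything below except x_i and x_r travels in clear in IKE_SA_INIT
    # (constructed sample values).
    ni, nr = secrets.token_bytes(32), secrets.token_bytes(32)
    spi_i, spi_r = secrets.token_bytes(8), secrets.token_bytes(8)
    x_i, x_r = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
    ke_i, ke_r = pow(G, x_i, P), pow(G, x_r, P)  # public KE payload values
    initiator = ike_sa_keys(ni, nr, spi_i, spi_r, pow(ke_r, x_i, P))
    responder = ike_sa_keys(ni, nr, spi_i, spi_r, pow(ke_i, x_r, P))
    return initiator, responder
```

The only secret input to `ike_sa_keys` is `dh_secret`, which is why the strength of the DH group alone decides whether recorded traffic stays confidential.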