[strongSwan] Implications of Weak DH / Logjam on IPSec

Gerd v. Egidy lists at egidy.de
Thu May 21 14:27:34 CEST 2015

Hi Martin,

thanks for your detailed answer.

> > What happens if you use RSA keys instead of PSK? I guess the attacker
> > now also needs to crack them before he can get at the session keys,
> > correct?
> No. With RSA authentication in IKEv1, or any authentication method in
> IKEv2, the long-term credentials are used for authentication only. So if
> you manage to break MODP1024, the protocol is broken. If you can compute
> the shared DH secret from the public values, you can derive all keymat
> as a passive attacker.

Ouch. So the use of MODP1024 should be phased out soon. Unfortunately, a bunch
of routers only support MODP1024 and nothing else :(

Kind regards,
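
The point in the quoted answer, as an added example that is not part of the original message or of strongSwan: a sketch of the IKEv2 key derivation from RFC 7296 (SKEYSEED = prf(Ni | Nr, g^ir), then prf+), showing that no PSK, RSA key or certificate is an input, so whoever holds the DH shared secret plus the values sent in the clear obtains the same keymat as both peers. Assumptions: HMAC-SHA256 as the prf, 32-byte keys, and a small constructed toy group (not MODP1024) so the block runs instantly.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for the demo only; real IKE uses MODP/ECP groups.
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8


def prf(key: bytes, data: bytes) -> bytes:
    """Assumed negotiated prf: HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]


def ike_keymat(shared: int, ni: bytes, nr: bytes, spi_i: bytes, spi_r: bytes,
               length: int = 7 * 32) -> bytes:
    """SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr as one byte string.

    Inputs are the DH shared secret and values visible on the wire.
    There is deliberately no credential parameter: authentication does not
    feed the key derivation.
    """
    g_ir = shared.to_bytes(P_LEN, "big")  # padded to the modulus length
    skeyseed = prf(ni + nr, g_ir)
    return prf_plus(skeyseed, ni + nr + spi_i + spi_r, length)


def demo():
    """Both peers and a holder of the shared secret derive the same keymat."""
    x_i = secrets.randbelow(P - 2) + 1          # initiator DH private value
    x_r = secrets.randbelow(P - 2) + 1          # responder DH private value
    ke_i, ke_r = pow(G, x_i, P), pow(G, x_r, P)  # public values on the wire
    ni, nr = secrets.token_bytes(32), secrets.token_bytes(32)
    spi_i, spi_r = secrets.token_bytes(8), secrets.token_bytes(8)
    wire = (ni, nr, spi_i, spi_r)
    initiator = ike_keymat(pow(ke_r, x_i, P), *wire)
    responder = ike_keymat(pow(ke_i, x_r, P), *wire)
    # Stand-in for a party that has recovered g^ir by other means.
    observer = ike_keymat(pow(G, x_i * x_r, P), *wire)
    return initiator, responder, observer
```

The strength of the DH group is therefore the only thing protecting the session keys from a passive recorder, which is why the group choice matters independently of how strong the authentication credentials are.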

