[strongSwan] (no subject)

Sandesh Sawant sandesh.sawant at gmail.com
Tue Sep 4 08:15:56 CEST 2018


Hi Graham,

Thanks for clarifying this further.

Best,
Sandesh
On Mon, Sep 3, 2018 at 3:49 PM Graham Bartlett (grbartle) <
grbartle at cisco.com> wrote:

> Hi Sandesh
>
>
>
> The offline dictionary PSK attack isn’t something new (people have known
> about this since the last millennium!).
>
>
>
> In summary if you have a ‘strong’ PSK you’re safe.. But if you have an
> active MiTM as described in the paper then they can perform an offline
> brute force attack against your PSK assuming they have the computing power
> to find it..
>
>
>
> I wrote the following to help explain this..
>
>
>
>
> https://www.linkedin.com/pulse/ike-brute-force-attack-explained-graham-bartlett/
>
>
>
> cheers
>
>
>
> *From: *Users <users-bounces at lists.strongswan.org> on behalf of Sandesh
> Sawant <sandesh.sawant at gmail.com>
> *Date: *Monday, 3 September 2018 at 10:20
> *To: *"andreas.steffen at strongswan.org" <andreas.steffen at strongswan.org>
> *Cc: *"users at lists.strongswan.org" <users at lists.strongswan.org>
> *Subject: *Re: [strongSwan] (no subject)
>
>
>
> Hello Andreas,
>
>
>
> Thanks for confirming that strongSwan isn't vulnerable to the mentioned
> attack.
>
>
>
> However the report claims to have exploits for PSK and RSA signature based
> authentication also... Quoting from the report abstract:
>
> "We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA
> encrypted nonces are used for authentication. Using this
> exploit, we break these RSA encryption based modes,
> and in addition break RSA signature based authentication
> in both IKEv1 and IKEv2. Additionally, we describe
> an offline dictionary attack against the PSK (Pre-Shared
> Key) based IKE modes, thus covering all available authentication
> mechanisms of IKE."
>
>
>
> Can you please confirm that strongSwan isn't vulnerable to the
> Bleichenbacher attack against IKEv2 signature based auth and offline
> dictionary attack mentioned for PSK based auth (irrespective of the PSK
> chosen by the user)?
>
>
>
> Thanks,
>
> Sandesh
>
>
>
> On Fri, Aug 31, 2018 at 3:50 PM Andreas Steffen <
> andreas.steffen at strongswan.org> wrote:
>
> Hi Sandesh,
>
> strongSwan is not vulnerable to the Bleichenbacher oracle attack
> since we did not implement the RSA encryption authentication variant
> for IKEv1.
>
> Best regards
>
> Andreas
>
> On 31.08.2018 10:53, Sandesh Sawant wrote:
> > Hi all,
> >
> > I came across below news about a paper enlisting attacks pertaining to
> > IKE protocol, and want to know whether the latest version of strongSwan
> > stack is vulnerable to the attacks mentioned in this
> > paper:
> https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
> > References:
> >
> https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/
> >
> https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html
> >
> > Thanks,
> > Sandesh
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[INS-HSR]==
>
>