[6909] in bugtraq
CISCO PIX Vulnerability
daemon@ATHENA.MIT.EDU (Damir Rajnovic)
Wed Jun 3 14:20:51 1998
Date: Wed, 3 Jun 1998 15:24:50 +0100
Reply-To: Damir Rajnovic <Damir.Rajnovic@EUROCERT.NET>
From: Damir Rajnovic <Damir.Rajnovic@EUROCERT.NET>
X-To: Firewalls@lists.gnac.net
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
Hello there,

Additional details regarding CISCO's Field Notice -
PIX Private Link Key Processing and Cryptography Issues

The CISCO PIX Private Link feature uses a DES key that is only 48 bits in length.
It is not obvious straight away since the key is internally expanded from
7 bytes (as entered on the command line) to the 8 bytes that are used by DES. If
you dig into that expansion algorithm you'll find that the third byte, counting
from the right, is not used at all. This is how the key is expanded:

#!/usr/local/bin/perl
# Key used by DES
@key_data=( 0, 0, 0, 0, 0, 0, 0, 0 );
# Key entered in LINK statement
@key_in = ( 0x00, 0x00, 0x00, 0x00, 0x00, 0xda, 0xaa );
# Key expansion algorithm
$byte = ($key_in[6] & 0x3F) << 2;
$key_data[6] |= $byte;
$byte = ($key_in[6] & 0xC0) >> 5;
$key_data[5] |= $byte;
$byte = ($key_in[5] & 0x7F) << 1;
$key_data[7] = $byte;
$byte = ($key_in[5] & 0x80) >> 6;
$key_data[6] |= $byte;
#
# $key_in[4] (index 4 from the left, i.e. the third byte from the
# right) seems to be ignored
#
$byte = ($key_in[3] & 0x01) << 7;
$key_data[1] |= $byte;
$key_data[0] = ($key_in[3] & 0xFE );
$byte = $key_in[2] & 0x03;
$key_data[2] |= ($byte << 6);
$byte = ($key_in[2] & 0xFC) >> 1;
$key_data[1] |= $byte;
$byte = $key_in[1] & 0x07;
$key_data[3] |= ($byte << 5 );
$byte = $key_in[1] & 0xF8;
$key_data[2] |= ($byte >> 2);
$byte = $key_in[0] & 0x0F;
$key_data[4] |= ($byte << 4);
$byte = $key_in[0] & 0xF0;
$key_data[3] |= ($byte >> 3);
#
# Now you can use key in @key_data for encryption

Apparently, knowing what bits are fixed will not bring an attacker
any additional 'gain' in breaking DES. At least I was told that by
people from the sci.crypt group.

Another thing is that PIX is using DES in ECB mode. CISCO admits that
"....ECB is not generally considered to be the best mode in which to
employ DES,...." but you'll have to live with it. CISCO will not fix
that so you'll have to buy future IPSEC/IKE products.
Cheers,
Gaus
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
-----END PGP SIGNATURE-----
---------------------------------------------------------------
EuroCERT tel: (+44 1235) 822 382
c/o UKERNA fax: (+44 1235) 822 398
Atlas Centre
Chilton, Didcot
Oxfordshire OX11 0QS, UK
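
The following is an added example, not part of the original post: a Python port of the Perl expansion above that flips each of the 56 entered key bits in turn and records which ones reach the 8-byte DES key. The function names are assumptions made for this illustration.

```python
# Added example: Python port of the Perl key expansion quoted in the post.
# Function names are illustrative assumptions, not Cisco's or the poster's.

def expand_key(key_in):
    """Expand the 7-byte LINK key into the 8-byte DES key, as the Perl does."""
    if len(key_in) != 7:
        raise ValueError("LINK key must be exactly 7 bytes")
    k = [0] * 8
    k[0] = key_in[3] & 0xFE
    k[1] = ((key_in[3] & 0x01) << 7) | ((key_in[2] & 0xFC) >> 1)
    k[2] = ((key_in[2] & 0x03) << 6) | ((key_in[1] & 0xF8) >> 2)
    k[3] = ((key_in[1] & 0x07) << 5) | ((key_in[0] & 0xF0) >> 3)
    k[4] = (key_in[0] & 0x0F) << 4           # low nibble never filled
    k[5] = (key_in[6] & 0xC0) >> 5           # upper five bits never filled
    k[6] = ((key_in[6] & 0x3F) << 2) | ((key_in[5] & 0x80) >> 6)
    k[7] = (key_in[5] & 0x7F) << 1
    return bytes(k)                          # key_in[4] is never read


def live_input_bits():
    """(byte, bit) positions of the entered key that influence the DES key."""
    base = expand_key(bytes(7))
    live = []
    for byte in range(7):
        for bit in range(8):
            probe = bytearray(7)
            probe[byte] = 1 << bit           # exactly one entered bit set
            if expand_key(probe) != base:
                live.append((byte, bit))
    return live


def reachable_mask():
    """Bits of the 8-byte DES key that any entered key bit can set."""
    return expand_key(b"\xff" * 7)


if __name__ == "__main__":
    sample = bytes([0x00, 0x00, 0x00, 0x00, 0x00, 0xDA, 0xAA])  # key from the post
    live = live_input_bits()
    print("DES key    :", expand_key(sample).hex())
    print("live bits  :", len(live), "of 56")
    print("dead bytes :", sorted(set(range(7)) - {b for b, _ in live}))
    print("reachable  :", reachable_mask().hex())
```

The reachable mask shows where the missing byte would have landed: three bits of key_data[4] and five bits of key_data[5] are always zero, in addition to the eight low-order parity positions that DES ignores.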