[29917] in bugtraq
Re: Cracking preshared keys
daemon@ATHENA.MIT.EDU (Stefan Laudat)
Sat Apr 26 15:31:17 2003
Date: Sat, 26 Apr 2003 20:26:47 +0300
From: Stefan Laudat <stefan@worldbank.ro>
To: David Wagner <daw@mozart.cs.berkeley.edu>
Message-ID: <20030426172647.GB8360@worldbank.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <b879u0$sks$1@abraham.cs.berkeley.edu>
> I find your recommendations hard to take seriously. This is not a
> vulnerability in IPSec, a good reason to disable vpn access, or anything
> like that. Just use some common sense in how you use the crypto. If you
> must use pre-shared keys, choose strong keys; or, use public keys instead
> of pre-shared keying. Surely you agree?
Third option: there are some IPSEC implementations (such as
Linksys' BEFVP41 vpn router) which blacklist the attacker's IP
for a given amount of time when wrong PSK count overpasses
a threshold. It takes an eternity to try many combinations though :)
just my .02 eurocents
--
Stefan Laudat
CCNA & CCAI
-------------
Marriage is the only adventure open to the cowardly.
-- Voltaire
