Full Disclosure mailing list archives
Re: UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability
From: Christoph Gruber <christoph.gruber () wave-solutions com>
Date: Fri, 16 Apr 2004 10:12:03 +0200
CISCO wrote on 12.04.2004 19:59:19:
Summary

Cisco LEAP is a mutual authentication algorithm that supports dynamic derivation of session keys. With Cisco LEAP, mutual authentication relies on a shared secret, the user's logon password, which is known by the client and the network, and is used to respond to challenges between the user and the Remote Authentication Dial-In User Service (RADIUS) server. As with most password-based authentication algorithms, Cisco LEAP is vulnerable to dictionary attacks.

As everyone can read in every good book about crypto, challenge-response methods should use a piece of information called "salt" that prevents attacks from being performed that easily. Because hashes with no salt always look the same, and you can prehash them. Salted hashes cannot be calculated before an attack and are not ultimately safe, but much harder to crack in real time (during an attack).

If the developers at CISCO had done their homework, that would have never happened.

Dear Josh, nice work, I regret that we didn't get our beers when we met last time.

--
Christoph Gruber, Security WAT1SE
WAVE Solutions Information Technology GmbH
Nordbergstrasse 13, A - 1090 Wien, Austria
christoph.gruber () wave-solutions com
Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C 558E D42B

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
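
The precomputation argument in the message above, as an added example that is not part of the original post or of Cisco's notice. SHA-256 stands in for any unsalted hash (it is not the LEAP algorithm), and the wordlist, account names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small wordlist and two accounts sharing one password.
WORDLIST = ["letmein", "winter2004", "password", "cisco123"]
ACCOUNTS = {"alice": "winter2004", "bob": "winter2004"}

def unsalted(password: str) -> bytes:
    # Deterministic: the same password always yields the same digest.
    return hashlib.sha256(password.encode()).digest()

def salted(password: str, salt: bytes) -> bytes:
    # Per-account random salt plus a slow KDF (hardened form).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def build_table(words):
    # Can be computed once, before any stored digest is seen.
    return {unsalted(w): w for w in words}

def table_hits(digests, table) -> int:
    return sum(1 for d in digests if d in table)

def store_salted(accounts):
    records = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        records[user] = (salt, salted(password, salt))
    return records

def verify_salted(record, password: str) -> bool:
    salt, digest = record
    return hmac.compare_digest(digest, salted(password, salt))

def compare():
    table = build_table(WORDLIST)
    weak = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    strong = store_salted(ACCOUNTS)
    return {
        "unsalted_identical": weak["alice"] == weak["bob"],
        "unsalted_table_hits": table_hits(weak.values(), table),
        "salted_identical": strong["alice"][1] == strong["bob"][1],
        "salted_table_hits": table_hits([d for _, d in strong.values()], table),
        "salted_still_verifies": verify_salted(strong["alice"], "winter2004"),
    }

if __name__ == "__main__":
    print(compare())
```

Salting removes the reusable table and the identical-digest leak between accounts; it does not make a weak password strong, which matches the post's "not ultimately safe" remark.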