Re: UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability

[Christoph Gruber <christoph.gruber () wave-solutions com>]

CISCO wrote on 12.04.2004 19:59:19:

> Summary
>
>    Cisco LEAP is a mutual authentication algorithm that supports dynamic
>    derivation of session keys. With Cisco LEAP, mutual authentication 
relies
>    on a shared secret, the user's logon password-which is known by the 
client
>    and the network, and is used to respond to challenges between the 
user and
>    the Remote Authentication Dial-In User Service (RADIUS) server.
>
>    As with most password-based authentication algorithms, Cisco LEAP is
>    vulnerable to dictionary attacks.

As everyone can read in every good book about crypto, challenge-response 
methods should use a piece of information called "salt" that prevents 
attacks of being performed that easy.
Because hashes with no salt always look the same, and you can prehash 
them.
Salted hashes can not be calculated before an attack and are not ultimate 
save, but much harder to crack in realtime. (during an attack)
If the developers at CISCO had done their homework, that would have never 
happened.

Dear Josh, nice work, I regret that we we didnt get our beers when we met 
last time.
 
-- 
Christoph Gruber, Security WAT1SE
WAVE Solutions Information Technology GmbH 
Nordbergstrasse 13, A - 1090 Wien, Austria
christoph.gruber () wave-solutions com
Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3  C2DF 435A C85C 558E D42B

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html