Bugtraq mailing list archives
Re: CISCO PIX Vulnerability
From: jthain () sbi bm (Jamie Thain)
Date: Sat, 20 Jun 1998 10:24:54 -0300
David, David
The simplest attack (``the Exabyte attack'') is to encrypt some common plaintext block (e.g. "\nlogin: ") under all 2^48 possible keys, and store the 2^48 ciphertext results on a big Exabyte tape; then each subsequent link-encryption key can be broken with O(1) effort. Thanks to the ECB mode, such a common plaintext block should be easy to find. (With a real chaining mode, these attacks are not possible under a ciphertext-only assumption, because the chaining vector serves as a kind of salt.)
Even if the ciper were a one byte char, the resulting data set size would be 281,474 GB big, I have not heard of a 281TB tape drive yet.
A much more practical approach would use Hellman's time-space tradeoff. There, you'd need only about 2^32 space (e.g. $100 at Fry's for a cheap hard disk), plus you'd need to do a 2^48 precomputation. After the precomputation, each subsequent link-encryption key can be broken with about 2^32 trial encryptions.
This is 4GB which is doable, but the resultant set of cipertexts would still be ~24GB big, which makes you want to have a really good reason. Although with some dedicated Hardware 281 Trillion combinations could be tried in a few minutes, and it would be broken. regards:jamie
Current thread:
- CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
- Re: CISCO PIX Vulnerability Rick Smith (Jun 10)
- <Possible follow-ups>
- Re: CISCO PIX Vulnerability David Wagner (Jun 03)
- Re: CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
- FreeBSD Security Advisory: FreeBSD-SA-98:05.nfs Aleph One (Jun 04)
- Re: FreeBSD Security Advisory: FreeBSD-SA-98:05.nfs matthew green (Jun 04)
- Huge security hole in SDRC IDEAS MS6 cad system. Sven-Ove Westberg (Jun 05)
- Security flaw in Accelerated-X 4.1 Stefan Laudat (Jun 08)
- Re: CISCO PIX Vulnerability Damir Rajnovic (Jun 05)
- Re: CISCO PIX Vulnerability Jamie Thain (Jun 20)