Re: Cracking preshared keys

[Michael Thumann <mthumann () ernw de>]

To get the XAUTH based authentication information (that is the part where 
the RADIUS Server is involved) you must start a man in the middle attack 
and this MITM attack is only possible when you've already cracked the 
preconfigured preshared key and when you are in physical position to 
perform a MITM attack (that's really not too easy).

Hope that helps ;-

At 21:10 23.04.03 -0400, Gary Flynn wrote:
> Damir Rajnovic wrote:
>
> > Please note that the same class of attack is possible even if Xauth 
> > (Extended Authentication) is used. This is because Xauth is performed 
> > after Phase 1 is completed and, for this attack, an adversary
> > needs only a packet from Phase 1. Furthermore, after the pre-shared key 
> > has been discovered, an adversary can mount an active MiTM attack
> > on Xauth. The outcome depends on the exact authentication method used
> > in Xauth.
> May I ask how this applies to "IKE Shared Secret AAA"?
> If a Radius backend authenticator is used, is the shared key
> that is vulnerable one preconfigured in the VPN hosts or one
> based on the Radius password? The reason I ask is that the
> preconfigured shared key can easily be lengthened but the
> backend password, if based on end user passwords, is not
> as easy a solution. :)
>
> Thank you.
>
> Gary Flynn
> Security Engineer - James Madison University


ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax +49 6221 419008 - Mobil +49 173 6745903