Bugtraq mailing list archives
Re: Cracking preshared keys
From: Stefan Laudat <stefan () worldbank ro>
Date: Sat, 26 Apr 2003 20:26:47 +0300
I find your recommendations hard to take seriously. This is not a vulnerability in IPSec, a good reason to disable vpn access, or anything like that. Just use some common sense in how you use the crypto. If you must use pre-shared keys, choose strong keys; or, use public keys instead of pre-shared keying. Surely you agree?
Third option: there are some IPSEC implementations (such as
Linksys' BEFVP41 vpn router) which blacklist the attacker's IP
for a given amount of time when wrong PSK count overpasses
a threshold. It takes an eternity to try many combinations though :)
just my .02 eurocents
--
Stefan Laudat
CCNA & CCAI
-------------
Marriage is the only adventure open to the cowardly.
-- Voltaire
Current thread:
- Cracking preshared keys Michael Thumann (Apr 23)
- Re: Cracking preshared keys Damir Rajnovic (Apr 23)
- Re: Cracking preshared keys Derek (Apr 24)
- Re: Cracking preshared keys Gary Flynn (Apr 24)
- Re: Cracking preshared keys Michael Thumann (Apr 24)
- Re: Cracking preshared keys Gary Flynn (Apr 24)
- Re: Cracking preshared keys Damir Rajnovic (Apr 23)
- Re: Cracking preshared keys David Wagner (Apr 24)
- Re: Cracking preshared keys Michael Thumann (Apr 24)
- Re: Cracking preshared keys Curt Sampson (Apr 25)
- Re: Cracking preshared keys Stefan Laudat (Apr 26)
- <Possible follow-ups>
- RE: Cracking preshared keys Rager, Anton (Anton) (Apr 24)
- Re: Cracking preshared keys hank (Apr 25)