Re: Manual keying and replay prevention and ISAKMP negotiation



Derrell,

I think you are wrong in suggesting that the ISAKMP/Oakley
draft encourages the "pre-shared secrets" to be based on passwords.
The word "password" is carefully (I suppose) omitted in the draft,
and for good reason:  Use of a too-small password exposes their
protocol to dictionary attack.

It *is* possible to do a password-authenticated DH exchange, immune
to network dictionary attack. (e.g. SPEKE or DH-EKE)  Such exchanges
could be very convenient for secure re-connections, based on a
temporary memorizable secret -- but these are not specified in Oakley.

Forgive me if you think this is a nit, but I think
wanton use of passwords as keys is a *bad thing*, especially
in light of truly appropriate password alternatives.

-- David


At 01:04 PM 4/4/97 -0800, you wrote (to Rodney):

> The specific provision in the IPSEC DOI is for a manual key exchange
> algorithm, separate from Oakley.
> ...
> The ISAKMP/Oakley resolution document describes how to use "pre-shared"
> keys (i.e. passwords) to authenticate the Diffie-Hellman exchange, which
> provides the necessary attribute of manual authentication without digital
> certificates.

------------------------------------
David Jablon
Tel: +1 508 898 9024
http://world.std.com/~dpj/
E-mail: dpj@world.std.com
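
An illustration of the password-authenticated DH exchange the message mentions (SPEKE), added here as an example; it is not part of the original message or of the Oakley draft. Assumptions: the Oakley Group 2 prime from RFC 2409 as the modulus, SHAKE-256 to map the password to a base, SHA-256 and HMAC for key derivation and confirmation; the function and class names and the sample passwords are hypothetical.

```python
import hashlib, hmac, secrets

# Oakley Group 2 prime (RFC 2409), a 1024-bit safe prime: P = 2*Q + 1.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def speke_generator(password: str) -> int:
    """Map the password to a DH base; squaring puts it in the order-Q subgroup."""
    h = int.from_bytes(hashlib.shake_256(password.encode()).digest(128), "big")
    return pow(h % P, 2, P)

def check_public(y: int) -> None:
    """Reject values that would confine the result to a tiny subgroup."""
    if not 2 <= y <= P - 2:
        raise ValueError("degenerate public value")

class Party:
    def __init__(self, password: str):
        self._x = secrets.randbelow(Q - 2) + 2          # ephemeral exponent
        # Only this value goes on the wire; the base itself is never sent.
        self.public = pow(speke_generator(password), self._x, P)

    def session_key(self, peer_public: int) -> bytes:
        check_public(peer_public)
        shared = pow(peer_public, self._x, P)
        return hashlib.sha256(shared.to_bytes(128, "big")).digest()

def confirm(key: bytes, role: bytes) -> bytes:
    """Key-confirmation tag; each side sends one under its own role label."""
    return hmac.new(key, b"speke-confirm|" + role, hashlib.sha256).digest()

if __name__ == "__main__":
    alice, bob = Party("tide-pool-42"), Party("tide-pool-42")  # constructed password
    ka, kb = alice.session_key(bob.public), bob.session_key(alice.public)
    print("same password, keys match:", hmac.compare_digest(ka, kb))
    print("confirmation tag verifies:",
          hmac.compare_digest(confirm(ka, b"A"), confirm(kb, b"A")))
    guess = Party("wrong-guess")  # a wrong password yields unrelated keys
    print("wrong password, keys match:",
          guess.session_key(alice.public) == alice.session_key(guess.public))
```

A passive observer sees only the two public values, which give nothing to check password guesses against offline; a party that joins the exchange can test one guess per run, which the responder can rate-limit.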
