[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Manual keying and replay prevention and ISAKMP negotiation
David,
It was not the intent of my previous message to suggest that the resolution
document encourages the definition of pre-shared secret to be based on a
simple password. As you have observed, the resolution document does not
currently specify how the pre-shared key is derived.
If you have a suggestion as to what it should say about deriving the
pre-shared secret, I suspect the authors of that document would be
receptive to your comments.
Derrell
> Derrell,
>
> I think you are wrong in suggesting that the ISAKMP/Oakley
> draft encourage the "pre-shared secrets" to be based on passwords.
> The word "password" is carefully (I suppose) omitted in the draft,
> and for good reason: Use of a too-small password exposes their
> protocol to dictionary attack.
>
> It *is* possible to do a password-authenticated DH exchange, immune
> to network dictionary attack. (e.g. SPEKE or DH-EKE) Such exchanges
> could be very convenient for secure re-connections, based on a
> temporary memorizable secret -- but these are not specified in Oakley.
>
> Forgive me if you think this is a nit, but I think
> wanton use of passwords as keys is a *bad thing*, especially
> in light of truly appropriate password alternatives.
>
> -- David
>
>
> At 01:04 PM 4/4/97 -0800, you wrote (to Rodney):
>
> > The specific provision in the IPSEC DOI is for a manual key exchange
> > algorithm, separate from Oakley.
> > ...
> > The ISAKMP/Oakley resolution document describes how to use "pre-shared"
> > keys (i.e. passwords) to authenticate the Diffie-Hellman exchange, which
> > provides the necessary attribute of manual authentication without digital
> > certificates.
>
> ------------------------------------
> David Jablon
> Tel: +1 508 898 9024
> http://world.std.com/~dpj/
> E-mail: dpj@world.std.com
References: