[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another pothole in ISAKMP/Oakley

To: "David P. Jablon" <dpj@world.std.com>
Subject: Re: Another pothole in ISAKMP/Oakley
From: Daniel Harkins <dharkins@cisco.com>
Date: Wed, 16 Apr 1997 10:01:45 -0700
Cc: ho@earth.hpc.org (Hilarie Orman), ipsec@tis.com, carrel@ipsec.org
In-Reply-To: Your message of "Wed, 16 Apr 1997 11:59:34 EDT." <3.0.1.16.19970416115934.1d8f2d58@world.std.com>
Sender: owner-ipsec@ex.tis.com

  David,

> A problem occurs when a man-in-the-middle forces each DH exponential into
> a small subgroup, by raising each number to the power of q.  Both
> legitimate parties
> will derive the same key K, but it will be confined to one of "t" possible
> values,
> making it easy for the middleman to guess it.

But since each exponential is authenticated I don't see how this is a problem.
A middleman changing *anything*-- exponentials, initial offer of EHA-- will
result in a failed authentication (page 9 of draft).

This does seem to be a particularly devious sort of attack but I don't think
ISAKMP/Oakley is susceptible.

  Dan.

References:

Re: Another pothole in ISAKMP/Oakley

From: "David P. Jablon" <dpj@world.std.com>

Prev by Date: Re: Another pothole in ISAKMP/Oakley
Next by Date: Re: Another pothole in ISAKMP/Oakley
Prev by thread: Re: Another pothole in ISAKMP/Oakley
Next by thread: Re: Another pothole in ISAKMP/Oakley
Index(es):
- Main
- Thread