[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: key processing for manual and dynamic SA
Henry Spencer <henry@spsystems.net> writes:
> > 2) Dynamic Mode SA ...
> > Question: What do I do if the constructed 64bit key is weak? Do I:
> > a) reject the establishment
> > b) move on one byte in the keying material and try again
> > c) move on one-block (64bits) and try again?
>
> It takes some searching to find any mention of this. The ciph-cbc draft
> appears to say that when you discover you have been given a weak key, you
> reject it and require that a new SA be generated. For the poorly-named
> "ISAKMP SA" (the communication path between the IKE daemons), the
> isakmp-oakley draft says that the first N non-weak bytes are used, which
> would seem to imply moving on one byte and trying again.
This is actually ambiguous. I would have interpreted it as the first
non-weak N-byte block, meaning that if bytes (0, ... ,N-1) are weak,
you would try bytes (N, ... ,2N-1) instead.
> > Again, the process needs to be standard.
>
> Given how rare weak keys are, it is quite possible that we will never know
> whether most implementations interoperate in this area. Other forms of
> rare error leading to communications failure will probably be more common.
If anyone wants to ressurect their DES-MAC prf code, I can provide an
ISAKMP daemon which will force a given key.... :)
Otherwise, it is probably most wise to reject the negotiation and
start from scratch. That way you are certain to interoperate.
ben
References: