Weak Crypto in Phase 1

[Will Price <wprice@cyphers.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We've been doing mass interoperability testing against other IKE
implementations recently and I've noticed a disturbing trend in
several well known products which need not be named specifically.

I have encountered 2 products which are *only* capable of weak crypto
(ie DES40, DES56, etc..) in Phase 1.  The very same product will
happily use TripleDES for Phase 2.  Thus, there is no export issue,
thus it seems there is no reason to make such a limitation.  The
second product uses only DES56 in Phase 1, similar to the above, and
again will support TripleDES in Phase 2.

These non-NAI products are not backwater IKE implementations, and
thus the incongruity of this makes absolutely no sense.  When even
the hardware implementations we tested against supported TripleDES in
Phase 1, these software implementations should certainly support it
one would think.

Protecting Phase 1 exchanges (and thus using that Phase 1 algorithm
to protect all Phase 2 exchanges) with strong crypto can be at least
as important as protecting Phase 2 SAs with strong crypto.

Can anyone explain why it is that certain implementations have chosen
to restrict their Phase 1 implementations to weak crypto, and yet in
the very same product will happily use strong crypto for Phase 2??


- -- Will

Will Price, Architect/Sr. Mgr., PGP Client Products
Total Network Security Division
Network Associates, Inc.


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5

iQA/AwUBN0ICxqy7FkvPc+xMEQIMegCg8vtBBSnuZxCtxzS9XtMGHXERY3oAn2v/
rJzwi1cewupTbolTTl29V0Fl
=EyjD
-----END PGP SIGNATURE-----

---

Follow-Ups:

• Re: Weak Crypto in Phase 1
• From: Rodney Thayer <rodney@ssh.fi>

---

• Prev by Date: Re: New XAUTH draft
• Next by Date: RE: New XAUTH draft
• Prev by thread: RE: New XAUTH draft
• Next by thread: Re: Weak Crypto in Phase 1
• Index(es):
  • Main
  • Thread