[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Weak Crypto in Phase 1

To: Will Price <wprice@cyphers.net>
Subject: Re: Weak Crypto in Phase 1
From: Rodney Thayer <rodney@ssh.fi>
Date: Wed, 19 May 1999 15:52:45 +0300 (EET DST)
cc: ipsec@lists.tislabs.com
In-Reply-To: <3742031A.9A3B5821@cyphers.net>
Sender: owner-ipsec@lists.tislabs.com

I have seen this before, originally thought it was essentially because
people didn't think it mattered, or in fact hadn't thought about it
or, their IKE parameters were hard-coded.

In Minneapolis, I had a partial conversation with Hillarie (sp?) regarding
this and I got the impression that the nature of the Phase 1 as opposed to
Phase 2 exchanges might be constructed such that the crypto strength
mismatch might not be a problem.

Since (in some sort of curious justice-conserving twist of fate) she now
works for an IPsec implementor (Novell) maybe she's on the list and can
speak to this...

On Tue, 18 May 1999, Will Price wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> We've been doing mass interoperability testing against other IKE
> implementations recently and I've noticed a disturbing trend in
> several well known products which need not be named specifically.
> 
> I have encountered 2 products which are *only* capable of weak crypto
> (ie DES40, DES56, etc..) in Phase 1.  The very same product will
> happily use TripleDES for Phase 2.  Thus, there is no export issue,
> thus it seems there is no reason to make such a limitation.  The
> second product uses only DES56 in Phase 1, similar to the above, and
> again will support TripleDES in Phase 2.
> 
> These non-NAI products are not backwater IKE implementations, and
> thus the incongruity of this makes absolutely no sense.  When even
> the hardware implementations we tested against supported TripleDES in
> Phase 1, these software implementations should certainly support it
> one would think.
> 
> Protecting Phase 1 exchanges (and thus using that Phase 1 algorithm
> to protect all Phase 2 exchanges) with strong crypto can be at least
> as important as protecting Phase 2 SAs with strong crypto.
> 
> Can anyone explain why it is that certain implementations have chosen
> to restrict their Phase 1 implementations to weak crypto, and yet in
> the very same product will happily use strong crypto for Phase 2??
> 
> 
> - -- Will
> 
> Will Price, Architect/Sr. Mgr., PGP Client Products
> Total Network Security Division
> Network Associates, Inc.
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5
> 
> iQA/AwUBN0ICxqy7FkvPc+xMEQIMegCg8vtBBSnuZxCtxzS9XtMGHXERY3oAn2v/
> rJzwi1cewupTbolTTl29V0Fl
> =EyjD
> -----END PGP SIGNATURE-----
>

Follow-Ups:

Re: Weak Crypto in Phase 1

From: Tamir Zegman <zegman@checkpoint.com>

References:

Weak Crypto in Phase 1

From: Will Price <wprice@cyphers.net>

Prev by Date: I-D ACTION:draft-ietf-ipsec-isakmp-xauth-04.txt
Next by Date: RE: New XAUTH draft
Prev by thread: Weak Crypto in Phase 1
Next by thread: Re: Weak Crypto in Phase 1
Index(es):
- Main
- Thread