[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Weak Crypto in Phase 1

To: <wprice@cyphers.net>, <rodney@ssh.fi>
Subject: Re: Weak Crypto in Phase 1
From: "Hilarie Orman" <HORMAN@novell.com>
Date: Wed, 19 May 1999 12:38:25 -0600
Cc: <ipsec@lists.tislabs.com>
Sender: owner-ipsec@lists.tislabs.com

There's an undercurrent in some of the discussions that seems
to imply that the security of the keys depends on symmetric
crypto.  I'd just like to point out that it's not true.  
The security of the keys depends on the group over which the
exponentiations for Diffie-Hellman are done.

The identity hiding depends on the symmetric crypto, as do the
SA attributes.  It would seem strange to me that an
implementor would limit phase I to a lesser key length
than in phase II.  Does the initiator fail to offer
3DES, or does the responder default to DES?  Maybe they
want to hide the fact that they have stronger crypto
available until they get to Phase II?

Note that no can be forced to keep their identity
secret during these exchanges, it the option of the
sender and involves trust with the recipient (as with
any secrecy); and identities are subject to compromise
by active attackers.

Hilarie

Prev by Date: Re: Weak Crypto in Phase 1
Next by Date: new IKE draft
Prev by thread: Re: Weak Crypto in Phase 1
Next by thread: I-D ACTION:draft-ietf-ipsec-isakmp-xauth-04.txt
Index(es):
- Main
- Thread