[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RFC2409
IPSec/IKE (RFC2409) Public Key Encryption Aggressive mode"(Phase 1)
vulnerability is myself advice. It seems that IPSec/IKE Public Key
Encryption Revised Aggressive Mode and IPSec/IKE Pre-Shared Key Aggressive
Mode also vulnerable to this type of attack (Chess grandmaster). However,
they will be stopped at Phase 2 - Quick Mode (ISAKMP payload is Encrypted).
If Initiator and Cheater will share DHPrivKey_i, they will continue this
attack against Responder in Phase 2 - Quick Mode still :). For more detailed
information look in appendice.
Best regards,
==============================
Ivars Suba Bank of Latvia
mailto:ivarss@bank.lv http://www.bank.lv
Ph.: +371 7 022 524, Fax: +371 7 022 112
===============================
CryptAnalysisVPN_IKE.ppt
Follow-Ups:
- RFC2409
- From: Tero Kivinen <kivinen@ssh.fi>