[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Weak authentication in Xauth and IKE



Jan Vilhuber wrote:

> Isn't this exactly the case, if people start using the dreaded
> group-pre-shared-secret, i.e. assign a single shared-secret to all their
> dial-in customers?

I think there really are 2 distinct issues here:

   i. Unless you assign every user to a distinct group,
      there is a serious risk that a lost laptop etc will
      yield the desired password.  (This risk has been
      discussed on various threads.)

  ii.  Even if you assign every user a distinct group
       password, and you diligently revoke these as
       soon as they become compromised,  there is
       still the risk that an adversary will carry out
       an attack to *discover* your password.   (This
       risk is not so clear from the threads I have read.)

So a "group password" is a bad thing, both because it
is a password (has "low entropy") and because it is shared
among some group (regardless of its strength).  Jianying
correctly pointed out a flaw in my attack which was
corrected is a separate post.   But dictionary attacks are
always possible against weak shared secrets even if they
are shared between users.

John



References: