
Re: New XAUTH draft



Paul Koning wrote:
> 
> >>>>> "Scott" == Scott G Kelly <skelly@redcreek.com> writes:
> 
> > Hmmm... how about if I capture your session and mount an offline
> > known-plaintext analysis using the following from the exchange:
> >
> >   IPSec Host                                              Edge Device
> >   --------------                                    -----------------
> >                          <-- REQUEST(TYPE=RADIUS NAME="" PASSWORD="")
> >   REPLY(TYPE=RADIUS NAME="joe" PASSWORD="foobar") -->
> >
> > Now, I know your password, and I know the preshared key. I can
> > impersonate you.
> 
> The XAUTH exchange is encrypted under the IKE SA key, right?  So no,
> you can't do this because you don't know that key, unless you're in
> the middle as Dan and Tamir suggested.  Listening isn't sufficient.
> 

First, let me emphasize that this is not a simple attack. Second, I'll
add that you don't need the key in advance for a known-plaintext
analysis, as the key is what you are trying to derive. The point is that
you know exactly what some of the text is, and you have the
corresponding ciphertext. Granted, a strong crypto algorithm makes this
a *lot* harder to pull off, but it is still a possible attack, which is
what you asked for. I also grant that this has substantially lighter
implications for a one time password based system.

Scott

