[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on CRACK

To: Stephane Beaulieu <sbeaulieu@TimeStep.com>
Subject: Re: Comments on CRACK
From: "Scott G. Kelly" <skelly@redcreek.com>
Date: Tue, 26 Oct 1999 10:12:13 -0700
CC: wprice@cyphers.net, Moshe Litvin <moshe@checkpoint.com>, ipsec@lists.tislabs.com, ietf-ipsra@vpnc.org
Organization: RedCreek Communications
References: <319A1C5F94C8D11192DE00805FBBADDFEC9812@exchange>
Sender: owner-ipsec@lists.tislabs.com

Stephane Beaulieu wrote:
> What would those be?
> 
> I've heard...
> 
> 1 - It encourages the use of weak pre-shared keys. - Perhaps, but this can
> easily be fixed in XAUTH.  I would still like to get a concensus on this.

This "easy" fix requires deployment of client certificates.

> 2 - It's too complicated to be secure... Please !

Prove to me that it's secure. Better review your predicate logic
first...

> 3 - Too much known plain text.  - All three proposals (XAUTH, CRACK, and ULA
> have know plain text.

None have the copious amounts of ASCII TEXT that xauth does. Some known
plaintext may be unavoidable, but xauth has a ridiculous amount.

> 4 - It's too tightly bound to Cfg.  Cfg is a simple protocol.  Why invent a
> new protocol when one already exist which meets your needs.

You mean dhcp, right?

Follow-Ups:

Re: Comments on CRACK

From: Moshe Litvin <moshe@checkpoint.com>

References:

RE: Comments on CRACK

From: Stephane Beaulieu <sbeaulieu@TimeStep.com>

Prev by Date: Re: Comments on CRACK
Next by Date: RE: Comments on CRACK
Prev by thread: RE: Comments on CRACK
Next by thread: Re: Comments on CRACK
Index(es):
- Main
- Thread