[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pre-shared key v RSA encryption or RSA signatureauthentication modes

To: Stephen Kent <kent@bbn.com>
Subject: Re: pre-shared key v RSA encryption or RSA signatureauthentication modes
From: "Scott G. Kelly" <skelly@SonicWALL.com>
Date: Mon, 25 Mar 2002 14:45:46 -0800
CC: uri@bell-labs.com, ipsec@lists.tislabs.com
Organization: SonicWall
References: <005001c1d355$786a7c50$1e72788a@ca.alcatel.com> <p05100305b8c4fafbfbd8@[128.89.88.34]> <200203251709.MAA16171@nwmail.wh.lucent.com> <p0510030bb8c50e14787f@[128.89.88.34]>
Sender: owner-ipsec@lists.tislabs.com

Hi Steve,

Comments below...

Stephen Kent wrote:
> 
> At 12:06 PM -0500 3/25/02, Uri Blumenthal wrote:
> >On Monday 25 March 2002 11:08, Stephen Kent wrote:
> >>  I'm glad you mentioned what I consider to be a significant downside
> >>  of pre-shared secrets, although we come to very different
> >>  conclusions.  It is not too hard to imagine an attack in which the
> >>  initiator connects to the wrong address, e.g., via some form of DNS
> >>  attack, and the fake responder collects the initiator's secret, then
> >>  drops the connection.
> >
> >I thought this authentication method is YEARS gone?  A-la HTTP Basic
> >Authentication?
> >
> >Isn't practically everybody today using some form of challenge-response
> >auth with pre-shared secrets? [real-life examples would be helpful.]
> >--
> 
> There have been messages posted to the list that suggest otherwise,
> but it would be useful to get some data points.
> 
> Steve

There are (at least) two answers to this, depending on the scenario
being discussed. For remote access, there are many deployments which use
pre-shared secrets and a challenge-rsp together (a la xauth). Note that
these psk's are often (though not necessarily) shared among multiple
users, with some sort of "key id" being used to select the appropriate
psk at the sgw. It has been long recognized by the ipsec community that
this is insecure, yet there are some deployments using this mechanism.

Regarding the use of pre-shared secrets for site-to-site VPN's where
both SGW's have fixed IP addresses, I know of a significant number of
deployments which rely upon this mechanism, rather than certificates. In
these cases, no challenge/rsp is used. However, there is typically a
unique PSK for each SGW pair.

Scott

References:
- RE: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
- RE: pre-shared key v RSA encryption or RSA signatureauthentication modes
  - From: Stephen Kent <kent@bbn.com>
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: Uri Blumenthal <uri@bell-labs.com>
- Re: pre-shared key v RSA encryption or RSA signatureauthentication modes
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: 1,342,532,544 combinations of algorithms
Next by Date: Re: 1,342,532,544 combinations of algorithms
Prev by thread: Re: pre-shared key v RSA encryption or RSA signatureauthentication modes
Next by thread: RE: pre-shared key v RSA encryption or RSA signature authentication modes
Index(es):
- Date
- Thread