On Tue, 14 Aug 2018, Tero Kivinen wrote:
In IKEv2 you can do an active attack to do an offline dictionary attack. When Alice is trying to connect to Bob, the Mallery will take those packets and respond to them, without forwarding anything to Bob. When Alice sends her IKE_AUTH payload, you can decrypt it as you were a party in the IKE_SA_INIT, i.e., you know the Diffie-Hellman secrets. Then you simply calculate the InitiatorSignedOctets (you know everything needed there), and do

  for every "Shared Secret" in dictionary
    calculate prf( prf(Shared Secret, "Key Pad for IKEv2"), <InitiatorSignedOctets>)
    if that matches the AUTH payload Alice sent
      you know the Shared Secret

You can do that offline without any problems.
Ah yes, thanks.

Paul
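The AUTH computation quoted above, as an added example that is not part of the original thread: a defender-side check of whether a configured pre-shared key can be recovered from a wordlist once an AUTH value is known. It assumes the negotiated PRF is HMAC-SHA-256; the signed octets, the wordlist and the function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY_PAD = b"Key Pad for IKEv2"  # fixed pad string quoted in the thread


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated PRF is HMAC-SHA-256.
    return hmac.new(key, data, hashlib.sha256).digest()


def psk_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)."""
    return prf(prf(shared_secret, KEY_PAD), signed_octets)


def audit_psk(auth: bytes, signed_octets: bytes, wordlist):
    """Return the wordlist entry that reproduces `auth`, or None.

    Nothing here talks to the peer: every step is a local computation,
    which is why a guessable PSK does not survive the attack in the thread.
    """
    for candidate in wordlist:
        if hmac.compare_digest(psk_auth(candidate, signed_octets), auth):
            return candidate
    return None


# Constructed stand-in for InitiatorSignedOctets (not a real IKE exchange).
SIGNED_OCTETS = b"constructed-IKE_SA_INIT-request|constructed-Nr|constructed-MACedIDForI"
WORDLIST = [b"password", b"letmein", b"ipsec2018", b"vpn-secret"]  # constructed

weak_psk = b"ipsec2018"               # low-entropy, human-chosen secret
strong_psk = secrets.token_bytes(32)  # 256 random bits, in no wordlist

WEAK_RESULT = audit_psk(psk_auth(weak_psk, SIGNED_OCTETS), SIGNED_OCTETS, WORDLIST)
STRONG_RESULT = audit_psk(psk_auth(strong_psk, SIGNED_OCTETS), SIGNED_OCTETS, WORDLIST)

if __name__ == "__main__":
    print("weak PSK recovered:  ", WEAK_RESULT)
    print("random PSK recovered:", STRONG_RESULT)
```

The weak secret is found in the constructed wordlist while the randomly generated one is not, which is the practical reason to provision PSKs from a random source rather than a passphrase.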
