> > I see this as a social issue, not a technical one. We can't prevent
> > administrators from being careless, either with PSKs or with passwords.
>
> We can make more secure deployments easier.
>
> If the only change on the site-to-site config is to change the keyword
> "psk" to "pake" and that prevents offline dictionary attacks, that's an
> easy win.

I'm not so sure. Replacing PSK with password+PAKE could in fact decrease security. A properly chosen PSK provides a high level of protection against both passive and active attacks. On the other hand, PAKE, as far as I know, only makes it difficult for a passive eavesdropper to perform an offline dictionary attack. But an active attacker may still try out all possible password values (due to the small search space). Yes, you can more easily detect active attackers and block them (and site-to-site VPNs usually have fixed IPs, which simplifies the task), but I still feel a bit uncomfortable with the idea of replacing a perfectly secure crypto mechanism with a weaker one. I'd rather educate administrators :-)

And note that no PAKE will save you if administrators select passwords like "foobar" or "12345".

I think that PAKE is a very good mechanism for remote access in situations where certificates (or raw public keys) cannot be used for various reasons. E.g. for a simple CPE that has no memory to securely store a private key.

Regards,
Valery.

> I care a little less for group psk's because well, it is a group so even
> a pake won't buy us that much extra if dozens or thousands of people
> have the pake secret.
>
> Paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
