Hi, Valery

> On 12 Dec 2018, at 11:02, Valery Smyslov <[email protected]> wrote:
>
>>> I see this as a social issue, not a technical one. We can't prevent
>>> administrators from being careless, either with PSKs or with passwords.
>>
>> We can make more secure deployments easier.
>>
>> If the only change on the site-to-site config is to change the keyword
>> "psk" to "pake" and that prevents offline dictionary attacks, that's an
>> easy win.
>
> I'm not so sure. Replacing PSK with password+PAKE could in fact decrease
> security.
> A properly chosen PSK provides a high level of protection against both passive
> and active attacks. On the other hand, PAKE, as far as I know,
> only makes it difficult for a passive eavesdropper to perform an offline
> dictionary attack. But an active attacker may still try out all possible
> password values (due to the small search space). Yes, you can more easily
> detect active attackers and block them (and site-to-site VPNs
> usually have fixed IPs, which simplifies the task), but I still feel a bit
> uncomfortable with the idea of replacing a perfectly secure crypto mechanism
> with a weaker one.
> I'd rather educate administrators :-) And note that no PAKE will
> save you if administrators select passwords like "foobar" or "12345".
>
> I think that PAKE is a very good mechanism for remote access
> in situations where certificates (or raw public keys) cannot be used
> for various reasons. E.g. for simple CPE that has no memory
> to securely store a private key.
I don’t think the idea is to replace a 128-bit PSK derived from a properly seeded DRBG with “ip5ecmeRockz!” using a PAKE. I think we’re assuming the administrator will configure “ip5ecmeRockz!” (or “foobar”) regardless of what we call it, so we might as well give them a better mechanism to use this value.

Yoav

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
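Valery's point above is that a PAKE only moves the dictionary attack online, where each guess costs the attacker one failed IKE_AUTH exchange that the gateway can see, and that site-to-site peers with fixed addresses make such guessing easy to spot and block. The following is an added example of that detection side, not code from the IPsec list thread or from any IKE implementation: it reads constructed authentication-failure log lines in a made-up `<timestamp> IKE_AUTH <ok|fail> peer=<ip>` format (real IKE daemons log differently), counts failures per peer in a sliding window, and treats any failure from an address that is not a configured peer as grounds for blocking, since a site-to-site gateway should never see IKE_AUTH from an unknown source. The log format, peer addresses and thresholds are assumptions for the example.

```python
"""Flag online password-guessing against a PAKE-authenticated site-to-site VPN.

Added example for the IPsec list discussion; the log format below is
constructed for illustration and does not correspond to any real IKE daemon.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one burst of failures from an unknown address,
# one isolated failure (a typo'd password, say) from a configured peer.
SAMPLE_LOG = """\
2018-12-12T11:00:00 IKE_AUTH ok peer=198.51.100.7
2018-12-12T11:00:05 IKE_AUTH fail peer=203.0.113.9
2018-12-12T11:00:06 IKE_AUTH fail peer=203.0.113.9
2018-12-12T11:00:07 IKE_AUTH fail peer=203.0.113.9
2018-12-12T11:00:08 IKE_AUTH fail peer=203.0.113.9
2018-12-12T11:00:09 IKE_AUTH fail peer=203.0.113.9
2018-12-12T11:00:30 IKE_AUTH fail peer=198.51.100.7
2018-12-12T11:00:31 IKE_AUTH ok peer=198.51.100.7
2018-12-12T11:10:00 IKE_AUTH fail peer=203.0.113.9
"""

# Fixed addresses of the configured site-to-site peers (assumed values).
KNOWN_PEERS = {"198.51.100.7"}


def parse_line(line):
    """Parse one constructed log line into (timestamp, result, peer_ip)."""
    ts_str, _, result, peer_field = line.split()
    return datetime.fromisoformat(ts_str), result, peer_field.split("=", 1)[1]


def detect_online_guessing(log_text, known_peers=KNOWN_PEERS,
                           window=timedelta(minutes=1), max_failures=3):
    """Summarise IKE_AUTH failures per peer and decide on an action.

    Returns {peer: {"known": bool, "failures": int, "max_in_window": int,
                    "action": "block" | "watch"}}.
    A known peer is blocked only when its failures in any `window` reach
    `max_failures` (each failure is one online password guess); any failure
    from an unknown address is blocked outright.
    """
    recent = defaultdict(deque)   # peer -> timestamps of recent failures
    summary = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, peer = parse_line(line)
        if result != "fail":
            continue
        entry = summary.setdefault(
            peer, {"known": peer in known_peers, "failures": 0, "max_in_window": 0})
        entry["failures"] += 1
        q = recent[peer]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        entry["max_in_window"] = max(entry["max_in_window"], len(q))
    for peer, entry in summary.items():
        burst = entry["max_in_window"] >= max_failures
        entry["action"] = "block" if (not entry["known"] or burst) else "watch"
    return summary


def peers_to_block(summary):
    """Return the set of peer addresses whose action is 'block'."""
    return {peer for peer, e in summary.items() if e["action"] == "block"}


if __name__ == "__main__":
    result = detect_online_guessing(SAMPLE_LOG)
    for peer, e in sorted(result.items()):
        print(f"{peer:15} known={e['known']} failures={e['failures']} "
              f"max_in_window={e['max_in_window']} -> {e['action']}")
    print("block:", sorted(peers_to_block(result)))
```

The window logic is what makes the PAKE deployment defensible in Valery's threat model: with a real offline attack the gateway sees nothing, whereas here every guess is a logged failure, so a burst threshold per peer plus an allowlist of fixed peer addresses turns the small password space into a rate-limited one. A single failure from a known peer stays at "watch" so that an operator's typo does not knock a production tunnel offline.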
