Re: [strongSwan] Multiple IKEv2 proposals

2019-07-04 Thread Graham Bartlett (grbartle)
Hi

Just to close the loop Noel replied unicast.

But to answer your Q, I did read the man page (it's clear and explicitly says 
to use a ',' between proposals), but I was fat fingering the proposals and so 
it was failing hence I thought that it wasn't possible.

Thanks for the help.

cheers

On 02/07/2019, 08:31, "Tobias Brunner"  wrote:

Hi Graham,

> Is it possible to send multiple IKEv2 proposals?

Sure, why do you think it's not? 
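A pre-flight check for the failure described in this thread (a mistyped proposal list), as an added example that is not part of the original messages or of strongSwan's code. It assumes the keyword form in which '-' joins the algorithms of one proposal and ',' separates proposals; the keyword sets are a constructed subset and the rules are conservative lints, not strongSwan's own parser.

```python
# Added example: lint a comma-separated strongSwan IKE proposal string.
# Keyword sets are a small constructed subset of strongSwan's keywords.
AEAD = {"aes128gcm16", "aes256gcm16", "chacha20poly1305"}
CLASSIC = {"aes128", "aes256"}
INTEG = {"sha256", "sha384", "sha512"}
PRF = {"prfsha256", "prfsha384", "prfsha512"}
DH = {"modp2048", "modp3072", "ecp256", "ecp384", "curve25519"}
KNOWN = AEAD | CLASSIC | INTEG | PRF | DH


def lint_ike_proposals(value):
    """Return (proposal, problem) pairs; an empty list means no findings."""
    findings = []
    for raw in value.split(","):           # ',' separates whole proposals
        proposal = raw.strip()
        if not proposal:
            findings.append((proposal, "empty proposal (stray comma?)"))
            continue
        tokens = set(proposal.split("-"))  # '-' joins algorithms in one proposal
        unknown = sorted(tokens - KNOWN)
        if unknown:                        # most likely a typo; skip other checks
            findings.append((proposal, "unknown keyword: " + ", ".join(unknown)))
            continue
        if tokens & AEAD and tokens & CLASSIC:
            findings.append((proposal, "mixes combined-mode and classic ciphers"))
        elif tokens & AEAD and not tokens & PRF:
            findings.append((proposal, "combined-mode cipher without explicit PRF"))
        elif tokens & CLASSIC and not tokens & INTEG:
            findings.append((proposal, "classic cipher without integrity algorithm"))
        if not tokens & DH:
            findings.append((proposal, "no key exchange (DH) group"))
    return findings


# Constructed sample values, not taken from the thread.
GOOD = "aes256gcm16-prfsha384-ecp384, aes256-sha256-modp2048"
TYPO = "aes256gcm16-prfsha384-ecp384, aes256-sha265-modp2048"
DASH = "aes256gcm16-prfsha384-ecp384-aes256-sha256-modp2048"

if __name__ == "__main__":
    for sample in (GOOD, TYPO, DASH):
        print(sample, "->", lint_ike_proposals(sample) or "ok")
```

The `DASH` sample shows the case the use case in this thread runs into: joining the combined-mode and classic suites with '-' instead of ',' puts both cipher types into a single proposal.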




[strongSwan] Multiple IKEv2 proposals

2019-07-01 Thread Graham Bartlett (grbartle)
Hi

Is it possible to send multiple IKEv2 proposals?

The use case being, one with combined mode ciphers and the other without.

Many thanks 




Re: [strongSwan] (no subject)

2018-09-03 Thread Graham Bartlett (grbartle)
Hi Sandesh

The offline dictionary PSK attack isn’t something new (people have known about 
this since last millennium!).

In summary, if you have a ‘strong’ PSK you’re safe. But if you have an active 
MiTM as described in the paper then they can perform an offline brute force 
attack against your PSK assuming they have the computing power to find it.

I wrote the following to help explain this:

https://www.linkedin.com/pulse/ike-brute-force-attack-explained-graham-bartlett/

cheers

From: Users  on behalf of Sandesh Sawant 

Date: Monday, 3 September 2018 at 10:20
To: "andreas.stef...@strongswan.org" 
Cc: "users@lists.strongswan.org" 
Subject: Re: [strongSwan] (no subject)

Hello Andreas,

Thanks for confirming that strongSwan isn't vulnerable to the mentioned attack.

However the report claims to have exploits for PSK and RSA signature based 
authentication also... Quoting from the report abstract: 

"We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA
encrypted nonces are used for authentication. Using this
exploit, we break these RSA encryption based modes,
and in addition break RSA signature based authentication
in both IKEv1 and IKEv2. Additionally, we describe
an offline dictionary attack against the PSK (Pre-Shared
Key) based IKE modes, thus covering all available authentication
mechanisms of IKE."

Can you please confirm that strongSwan isn't vulnerable to the Bleichenbacher 
attack against IKEv2 signature based auth and offline dictionary attack 
mentioned for PSK based auth (irrespective of the PSK chosen by the user)?

Thanks,
Sandesh

On Fri, Aug 31, 2018 at 3:50 PM Andreas Steffen 
 wrote:

Hi Sandesh,

strongSwan is not vulnerable to the Bleichenbacher oracle attack
since we did not implement the RSA encryption authentication variant
for IKEv1.

Best regards

Andreas

On 31.08.2018 10:53, Sandesh Sawant wrote:
> Hi all,
> 
> I came across below news about a paper enlisting attacks pertaining to
> IKE protocol, and want to know whether the latest version of strongSwan
> stack is vulnerable to the attacks mentioned in this
> paper: 
> https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
> References:
> https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/
> https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html
> 
> Thanks,
> Sandesh

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


