On 22.12.2017 01:12, Colony.three wrote:
>
>> You can't do that. The DH groups for IKE are standardized.
>> "bot search will compromise VPNs in seconds"? What do you mean with
>> "compromise" exactly?
>
> I said what I mean of course, in the next sentence: "/Most VPNs today are in
> fact decrypted real-time and stored in the NSA's giant facility in Utah,
> according to the Snowden docs./" (Actually they first go through the
> decryption group in Ft Meade, MD)
>
>> Discovering the existence of a service does not compromise it in any way.
>> Unless you do stupid things like using PSKs and making them public or using
>> a weak DH group, you can't decrypt them. I read the Snowden docs. And the
>> ones from the Spiegel.
>
> IPsec traffic can be easily identified of course, with packet inspection.
> And with the precomputed (canned) DH group applied to it, it's a shortcut to
> the cleartext for a well-funded opponent (which implicitly has access to the
> fiber trunks). It is not my goal to get into an argument about this, Noel.
> Please see Schneier's papers on this from 2014, and "I Hunt SysAdmins", et al.
> (I won't stoop to condescending to you)
>
Neither is mine. Which of Bruce Schneier's papers from 2014?

>> IKE and TLS do the DH exchange differently.
>> In TLS, the server sends its DH parameters to the client. In IKE, that does
>> not happen. That is the reason you can use your own DH parameters with TLS,
>> but can't with IKE.
>
> I guess you will end this exchange now because this is hard for me to
> believe. How has such a vuln been overlooked for so long by so many
> highly-competent people? A common DH group for -everyone-?! What do they
> think the point of it is?
>

There are many DH groups[1]. Pick one that is strong enough for your taste.
I very much doubt the NSA can break anything above 1536 bits. Even 1024 bit
is hard[2], because the lookup table required for it is humongous.

[1] https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites#Diffie-Hellman-Groups
[2] https://weakdh.org/
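The advice above to pick a sufficiently strong standardized group, as an added example that is not part of the original thread: a Python script that scans ipsec.conf-style `ike=`/`esp=` proposal lines and reports MODP groups of 1536 bits or less. The sample configuration is constructed, and the cutoff is an assumption taken from the reply's "anything above 1536 bits".

```python
import re

# strongSwan MODP keywords -> (IKE DH group number, modulus size in bits).
MODP_GROUPS = {
    "modp768": (1, 768), "modp1024": (2, 1024), "modp1536": (5, 1536),
    "modp2048": (14, 2048), "modp3072": (15, 3072), "modp4096": (16, 4096),
    "modp6144": (17, 6144), "modp8192": (18, 8192),
}
# Assumption: cutoff derived from the reply's wording; set it to your own policy.
MIN_ACCEPTED_BITS = 1537

CONN_LINE = re.compile(r"^\s*conn\s+(\S+)")
PROPOSAL_LINE = re.compile(r"^\s*(ike|esp)\s*=\s*(\S+)", re.IGNORECASE)

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# constructed sample
conn legacy-site
    keyexchange=ikev2
    ike=aes128-sha1-modp1024,aes256-sha256-modp2048
    esp=aes128-sha1-modp1536!
conn hq
    ike=aes256-sha256-modp3072!
    esp=aes256gcm16-ecp384!
"""

def audit(conf_text, min_bits=MIN_ACCEPTED_BITS):
    """Return (conn, keyword, proposal, group_number, bits) per weak MODP group."""
    findings, conn = [], "(global)"
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]            # drop comments
        m = CONN_LINE.match(line)
        if m:
            conn = m.group(1)
            continue
        m = PROPOSAL_LINE.match(line)
        if not m:
            continue
        keyword = m.group(1).lower()
        # A trailing "!" is the strict flag; proposals are comma-separated.
        for proposal in m.group(2).rstrip("!").split(","):
            for token in proposal.lower().split("-"):
                # Elliptic-curve groups (ecp*, curve25519) are not MODP; skipped here.
                if token in MODP_GROUPS and MODP_GROUPS[token][1] < min_bits:
                    number, bits = MODP_GROUPS[token]
                    findings.append((conn, keyword, proposal, number, bits))
    return findings

if __name__ == "__main__":
    for conn, keyword, proposal, number, bits in audit(SAMPLE_CONF):
        print(f"conn {conn}: {keyword}={proposal} uses DH group {number} ({bits}-bit MODP)")
```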
