Hi Graham, Thanks for clarifying this further.

Best,
Sandesh

On Mon, Sep 3, 2018 at 3:49 PM Graham Bartlett (grbartle) <grbar...@cisco.com> wrote:
> Hi Sandesh
>
> The offline dictionary PSK attack isn’t something new (people have known
> about this since last millennia!).
>
> In summary if you have a ‘strong’ PSK you’re safe.. But if you have an
> active MiTM as described in the paper then they can perform an offline
> brute force attack against your PSK assuming they have the computing power
> to find it..
>
> I wrote the following to help explain this..
>
> https://www.linkedin.com/pulse/ike-brute-force-attack-explained-graham-bartlett/
>
> cheers
>
> From: Users <users-boun...@lists.strongswan.org> on behalf of Sandesh Sawant <sandesh.saw...@gmail.com>
> Date: Monday, 3 September 2018 at 10:20
> To: "andreas.stef...@strongswan.org" <andreas.stef...@strongswan.org>
> Cc: "users@lists.strongswan.org" <users@lists.strongswan.org>
> Subject: Re: [strongSwan] (no subject)
>
> Hello Andreas,
>
> Thanks for confirming that strongSwan isn't vulnerable to the mentioned
> attack.
>
> However the report claims to have exploits for PSK and RSA signature based
> authentication also... Quoting from the report abstract:
>
> "We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA
> encrypted nonces are used for authentication. Using this
> exploit, we break these RSA encryption based modes,
> and in addition break RSA signature based authentication
> in both IKEv1 and IKEv2. Additionally, we describe
> an offline dictionary attack against the PSK (Pre-Shared
> Key) based IKE modes, thus covering all available authentication
> mechanisms of IKE."
>
> Can you please confirm that strongSwan isn't vulnerable to the
> Bleichenbacher attack against IKEv2 signature based auth and offline
> dictionary attack mentioned for PSK based auth (irrespective of the PSK
> chosen by the user)?
>
> Thanks,
> Sandesh
>
> On Fri, Aug 31, 2018 at 3:50 PM Andreas Steffen <andreas.stef...@strongswan.org> wrote:
>> Hi Sandesh,
>>
>> strongSwan is not vulnerable to the Bleichenbacher oracle attack
>> since we did not implement the RSA encryption authentication variant
>> for IKEv1.
>>
>> Best regards
>>
>> Andreas
>>
>> On 31.08.2018 10:53, Sandesh Sawant wrote:
>>> Hi all,
>>>
>>> I came across below news about a paper enlisting attacks pertaining to
>>> IKE protocol, and want to know whether the latest version of strongSwan
>>> stack is vulnerable to the attacks mentioned in this
>>> paper: https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
>>> References:
>>> https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/
>>> https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html
>>>
>>> Thanks,
>>> Sandesh
>>
>> ======================================================================
>> Andreas Steffen                         andreas.stef...@strongswan.org
>> strongSwan - the Open Source VPN Solution!          www.strongswan.org
>> Institute for Networked Solutions
>> HSR University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[INS-HSR]==
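As an added example, not part of this thread or of strongSwan's own code, the Python below puts numbers on Graham's "strong PSK" remark: an offline attacker who has captured the exchange is bounded only by how many candidate PSKs they can test, so the defence is a PSK whose key space is too large to enumerate. It estimates that space, generates a uniformly random PSK from the OS CSPRNG, and renders it in swanctl.conf `secrets` syntax; the connection name, peer identity and the 128-bit target are assumed values.

```python
import math
import secrets
import string

# Characters safe to place inside a double-quoted swanctl.conf value
# (no quotes, backslash, '#' or whitespace, which would need escaping).
PSK_ALPHABET = string.ascii_letters + string.digits + "!$%&()*+,-./:;<=>?@[]^_{|}~"


def generated_psk_bits(length: int, alphabet: str = PSK_ALPHABET) -> float:
    """Entropy in bits of a PSK drawn uniformly from `alphabet`.
    An offline dictionary/brute-force attack must try candidates until
    one reproduces the captured authentication hash; for a uniformly
    random PSK the candidate space is len(alphabet) ** length."""
    return length * math.log2(len(alphabet))


def min_length_for(bits: float, alphabet: str = PSK_ALPHABET) -> int:
    """Smallest PSK length that reaches `bits` of entropy from `alphabet`."""
    return math.ceil(bits / math.log2(len(alphabet)))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time for an attacker testing candidates offline at the
    given rate to cover the whole key space (assumed rate, for scale)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def generate_psk(length: int, alphabet: str = PSK_ALPHABET) -> str:
    """Uniformly random PSK using the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def swanctl_secret(name: str, peer_id: str, psk: str) -> str:
    """Render one IKE PSK as a swanctl.conf 'secrets' section."""
    return (
        "secrets {\n"
        f"    ike-{name} {{\n"
        f"        id = {peer_id}\n"
        f'        secret = "{psk}"\n'
        "    }\n"
        "}\n"
    )


if __name__ == "__main__":
    n = min_length_for(128)          # assumed target: 128 bits of entropy
    print(f"{n} chars from a {len(PSK_ALPHABET)}-symbol alphabet -> "
          f"{generated_psk_bits(n):.1f} bits; "
          f"{years_to_exhaust(generated_psk_bits(n), 1e12):.2e} years at 1e12 guesses/s")
    print(swanctl_secret("hq", "vpn.example.org", generate_psk(n)))  # constructed names
```

The estimate applies only to a PSK that is actually uniformly random; a human-chosen passphrase has far fewer plausible candidates than its length suggests, which is exactly what an offline dictionary attack exploits.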