List:       strongswan-users
Subject:    Re: [strongSwan] (no subject)
From:       Sandesh Sawant <sandesh.sawant () gmail ! com>
Date:       2018-09-04 6:27:56
Message-ID: CAC5MxLnCqTVNRb40Pxc0RUb=9FPyeguiYgRxyxgXtMovbGWZFw () mail ! gmail ! com

Hi Graham,

Thanks for clarifying this further.

Best,
Sandesh
On Mon, Sep 3, 2018 at 3:49 PM Graham Bartlett (grbartle) <
grbartle@cisco.com> wrote:

> Hi Sandesh
>
> The offline dictionary PSK attack isn't something new (people have known
> about this since the last millennium!).
>
> In summary if you have a 'strong' PSK you're safe.. But if you have an
> active MiTM as described in the paper then they can perform an offline
> brute force attack against your PSK assuming they have the computing power
> to find it..
>
> I wrote the following to help explain this..
>
> https://www.linkedin.com/pulse/ike-brute-force-attack-explained-graham-bartlett/
>
> cheers
>
> *From: *Users <users-bounces@lists.strongswan.org> on behalf of Sandesh
> Sawant <sandesh.sawant@gmail.com>
> *Date: *Monday, 3 September 2018 at 10:20
> *To: *"andreas.steffen@strongswan.org" <andreas.steffen@strongswan.org>
> *Cc: *"users@lists.strongswan.org" <users@lists.strongswan.org>
> *Subject: *Re: [strongSwan] (no subject)
>
> Hello Andreas,
>
> Thanks for confirming that strongSwan isn't vulnerable to the mentioned
> attack.
>
> However the report claims to have exploits for PSK and RSA signature based
> authentication also... Quoting from the report abstract:
>
> "We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA
> encrypted nonces are used for authentication. Using this
> exploit, we break these RSA encryption based modes,
> and in addition break RSA signature based authentication
> in both IKEv1 and IKEv2. Additionally, we describe
> an offline dictionary attack against the PSK (Pre-Shared
> Key) based IKE modes, thus covering all available authentication
> mechanisms of IKE."
>
> Can you please confirm that strongSwan isn't vulnerable to the
> Bleichenbacher attack against IKEv2 signature based auth and offline
> dictionary attack mentioned for PSK based auth (irrespective of the PSK
> chosen by the user)?
>
> Thanks,
>
> Sandesh
>
> On Fri, Aug 31, 2018 at 3:50 PM Andreas Steffen <
> andreas.steffen@strongswan.org> wrote:
>
> Hi Sandesh,
>
> strongSwan is not vulnerable to the Bleichenbacher oracle attack
> since we did not implement the RSA encryption authentication variant
> for IKEv1.
>
> Best regards
>
> Andreas
>
> On 31.08.2018 10:53, Sandesh Sawant wrote:
> > Hi all,
> >
> > I came across below news about a paper enlisting attacks pertaining to
> > IKE protocol, and want to know whether the latest version of strongSwan
> > stack is vulnerable to the attacks mentioned in this
> > paper:
> > https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
> > References:
> > https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/
> > https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html
> >
> > Thanks,
> > Sandesh
>
> ======================================================================
> Andreas Steffen                         andreas.steffen@strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[INS-HSR]==
>
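Graham's point above is that the offline dictionary attack only matters if the PSK is guessable: an active MitM captures enough material to test guesses offline, so the defence is a PSK whose keyspace is too large to search. The following is an added example from the editor, not code from the thread or from the strongSwan project. It estimates how much work an offline attack against a candidate PSK would cost, flags dictionary-derived keys, and generates a random PSK suitable for `ipsec.secrets` or `swanctl.conf`. The wordlist, the attacker guess rates and the 128-bit threshold are all constructed assumptions for illustration, not figures from the paper or from strongSwan.

```python
"""Added example, not part of the thread: a defender-side check of how
resistant an IKE pre-shared key is to the offline dictionary / brute-force
attack discussed above, plus a generator for a PSK that is out of reach.

Everything below is an assumption for illustration: the tiny wordlist stands
in for a real one, the guess rates are made-up attacker budgets, and the
128-bit threshold is a policy choice, not a figure from the paper or strongSwan.
"""
import math
import secrets
import string

# Constructed stand-in for a real wordlist (assumption).
SAMPLE_DICTIONARY = {"password", "secret", "vpn", "ipsec", "strongswan",
                     "admin", "letmein", "welcome"}

# Assumed offline guess rates, in guesses per second, for three attacker budgets.
GUESS_RATES = {"single CPU": 1e6, "GPU rig": 1e9, "large cluster": 1e12}


def charset_bits(psk: str) -> float:
    """Upper-bound entropy estimate log2(pool ** len), where the pool is the
    union of the character classes actually present. A human-chosen PSK is
    usually weaker than this bound, so treat it as optimistic."""
    pool = 0
    if any(c in string.ascii_lowercase for c in psk):
        pool += 26
    if any(c in string.ascii_uppercase for c in psk):
        pool += 26
    if any(c in string.digits for c in psk):
        pool += 10
    if any(c in string.punctuation for c in psk):
        pool += len(string.punctuation)
    return len(psk) * math.log2(pool) if pool else 0.0


def dictionary_hit(psk: str, dictionary=SAMPLE_DICTIONARY) -> bool:
    """True if the PSK is a wordlist entry, optionally followed by digits or
    punctuation ("Secret123", "ipsec!"), which rule-based guessing recovers
    almost immediately regardless of the charset estimate."""
    core = psk.lower().rstrip(string.digits + string.punctuation)
    return core in dictionary


def assess_psk(psk: str, min_bits: float = 128.0) -> dict:
    """Summarise the PSK: effective bits, whether it is a dictionary hit,
    whether it meets policy, and expected time-to-recover per attacker budget.
    A dictionary hit is rated at 0 bits because the attacker's work is then
    bounded by the wordlist size, not the keyspace."""
    hit = dictionary_hit(psk)
    bits = 0.0 if hit else charset_bits(psk)
    # On average half the keyspace must be searched before the key is found.
    expected = {name: (2.0 ** bits) / 2.0 / rate for name, rate in GUESS_RATES.items()}
    return {
        "bits": bits,
        "dictionary": hit,
        "strong": (not hit) and bits >= min_bits,
        "expected_seconds": expected,
    }


def generate_psk(nbytes: int = 32) -> str:
    """Random PSK with nbytes * 8 bits of real entropy (256 by default),
    hex-encoded so it pastes cleanly into ipsec.secrets or swanctl.conf."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    for candidate in ("Secret123", "Tr0ub4dor&3", generate_psk()):
        report = assess_psk(candidate)
        years = {k: v / (365 * 24 * 3600) for k, v in report["expected_seconds"].items()}
        print(f"{candidate[:16]:<16} bits={report['bits']:6.1f} "
              f"dictionary={report['dictionary']!s:5} strong={report['strong']!s:5} "
              + " ".join(f"{k}={v:.2e}y" for k, v in years.items()))
```

Two things to keep in mind when reading the numbers: the charset estimate is an upper bound, so for the generated hex key it reports more bits than the 256 the key actually carries, while for a human-chosen passphrase it typically overstates strength; and a dictionary hit is deliberately scored at zero because the attacker's cost is then the wordlist size, which is why Graham's "strong PSK" advice means a long random secret rather than a clever word.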



