Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1999-q4

NFR Wizards Archives: Possibility of replay attacks in manually

Possibility of replay attacks in manually keyed IPsec?

Subject: Possibility of replay attacks in manually keyed IPsec?
From: Mikael Olsson (mikael.olssonenternet.se)
Date: Fri Dec 03 1999 - 01:53:48 CST

Next message: Burgess, John (EDS): "RE: Network Monitors"
Previous message: Desai, Ashish: "Re: Network Monitors"
Next in thread: Steve Goldhaber: "Re: Possibility of replay attacks in manually keyed IPsec?"
Reply: Steve Goldhaber: "Re: Possibility of replay attacks in manually keyed IPsec?"
Reply: Mikael Olsson: "Re: Possibility of replay attacks in manually keyed IPsec?"
Reply: Ben Nagy: "RE: Possibility of replay attacks in manually keyed IPsec?"
Reply: Stefan Norberg: "Re: Possibility of replay attacks in manually keyed IPsec?"
Reply: Rick Smith: "Re: Possibility of replay attacks in manually keyed IPsec?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Quick question. I'm getting conflicting answers from different
people, so I decided I'd hand it over to you guys:

Is IPsec vulnerable to replay attacks when IKE is configured
to use pre-shared keys, rather than basing the SA negotiation
on certificates?

I'd imagine that if IPsec itself uses fixed encryption keys,
it would be vulnerable to replay attacks, but this is not
the case. Here, we only handle fixed keys to IKE, so the
fixed keys only get used in the SA negotiation.

(If there is a vulnerability, is this a flaw in the algorithm,
or just in someone's imlementation of it?)

Thanks in advance,
/Mike

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olssonenternet.se

Next message: Burgess, John (EDS): "RE: Network Monitors"
Previous message: Desai, Ashish: "Re: Network Monitors"
Next in thread: Steve Goldhaber: "Re: Possibility of replay attacks in manually keyed IPsec?"
Reply: Steve Goldhaber: "Re: Possibility of replay attacks in manually keyed IPsec?"
Reply: Mikael Olsson: "Re: Possibility of replay attacks in manually keyed IPsec?"
Reply: Ben Nagy: "RE: Possibility of replay attacks in manually keyed IPsec?"
Reply: Stefan Norberg: "Re: Possibility of replay attacks in manually keyed IPsec?"
Reply: Rick Smith: "Re: Possibility of replay attacks in manually keyed IPsec?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Fri Dec 03 1999 - 20:00:52 CST