[Cryptography] To what is Anderson referring here?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Jun 5 21:53:50 EDT 2014


Dan McDonald <danmcd at kebe.com> writes:
>On Thu, Jun 05, 2014 at 09:29:27PM +1200, Peter Gutmann wrote:
>> Heck, the IPsec folks more or less made this explicit:
>>
>>   all password-based authentication is insecure; IPsec is designed to be
>>   secure; therefore, you have to deploy a PKI for it
>
>A noticeable amount of IPsec deployments (IKE to be precise) uses PSK. 

Yup, and most of that came about because people realised that if you forced
users to deploy PKI as a precondition to deploying IPsec, IPsec would never
get deployed.  It's certainly a lot better now, but in the early days when
keying was supposed to be PKI-or-nothing, vendors got around the problem by
adding homebrew "management tunnels" to do the PSK (things like single-DES in
ECB mode, or only encrypting data in 8-byte blocks and leaving the rest in
plaintext because (a) they didn't know how to encrypt less than 8 bytes and
(b) "the little leftover bit won't be interesting anyway", or using a
hardwired key with an IPsec SA to communicate the PSK, or ...).

Peter.
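The two "management tunnel" mistakes Peter lists, encrypting only whole 8-byte blocks in ECB and leaving the remainder in the clear, are easy to show concretely. The block below is an added illustration, not code from the post or from any IPsec implementation. It stands in for single-DES with a constructed HMAC-based Feistel permutation on 8-byte blocks (toy only, not a real cipher), and uses a constructed sample message containing a pre-shared key; the repeated block in that sample is deliberate so the ECB fingerprint is visible. The names KEY, IV, PSK_MESSAGE and the function names are all assumptions.

```python
import hashlib
import hmac

BLOCK = 8          # 64-bit blocks, as in single-DES
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash of (round number || half), 4 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 8-byte Feistel block cipher (a bijection); stand-in for DES."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_block_encrypt: run the rounds backwards."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def ecb_whole_blocks_only(key: bytes, data: bytes) -> bytes:
    """The flawed construction from the post: every full 8-byte block is
    encrypted independently (ECB) and the trailing partial block is passed
    through in plaintext."""
    full = len(data) - len(data) % BLOCK
    out = b"".join(toy_block_encrypt(key, data[i:i + BLOCK])
                   for i in range(0, full, BLOCK))
    return out + data[full:]


def cbc_encrypt_padded(key: bytes, iv: bytes, data: bytes) -> bytes:
    """How to encrypt fewer than 8 bytes: PKCS#7 padding (always at least
    one byte) plus CBC chaining, so no byte is left in the clear and equal
    plaintext blocks do not produce equal ciphertext blocks."""
    pad = BLOCK - len(data) % BLOCK
    data = data + bytes([pad]) * pad
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        prev = toy_block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_padded(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(key, blk), prev))
        prev = blk
    pt = b"".join(out)
    pad = pt[-1]
    if not 1 <= pad <= BLOCK or pt[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return pt[:-pad]


def leaked_tail(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Plaintext bytes that appear verbatim at the end of the ciphertext."""
    r = len(plaintext) % BLOCK
    if r and ciphertext[-r:] == plaintext[-r:]:
        return ciphertext[-r:]
    return b""


def repeated_blocks(ciphertext: bytes) -> int:
    """ECB fingerprint: ciphertext blocks that duplicate an earlier block."""
    full = len(ciphertext) - len(ciphertext) % BLOCK
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, full, BLOCK)]
    return len(blocks) - len(set(blocks))


# Constructed sample: a PSK pushed over a "management tunnel" (37 bytes).
KEY = b"constructed-tunnel-key"
IV = bytes(range(BLOCK))
PSK_MESSAGE = b"psk=0123456789abcdef0123456789abcdef\n"


def demo() -> dict:
    bad = ecb_whole_blocks_only(KEY, PSK_MESSAGE)
    good = cbc_encrypt_padded(KEY, IV, PSK_MESSAGE)
    return {
        "bad_tail_in_clear": leaked_tail(PSK_MESSAGE, bad),    # b"cdef\n"
        "bad_repeated_blocks": repeated_blocks(bad),           # 1
        "good_tail_in_clear": leaked_tail(PSK_MESSAGE, good),  # b""
        "good_repeated_blocks": repeated_blocks(good),         # 0
        "good_roundtrip": cbc_decrypt_padded(KEY, IV, good) == PSK_MESSAGE,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The flawed path leaves the last five bytes of the key material readable and exposes that two plaintext blocks were identical; the padded CBC path covers every byte and produces no repeated blocks. CBC with padding fixes only the two defects named in the post: it is still unauthenticated, and a current design would use an AEAD rather than a bare block-cipher mode.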
