[Cryptography] To what is Anderson referring here?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jun 5 21:53:50 EDT 2014
Dan McDonald <danmcd at kebe.com> writes:
>On Thu, Jun 05, 2014 at 09:29:27PM +1200, Peter Gutmann wrote:
>> Heck, the IPsec folks more or less made this explicit:
>>
>> all password-based authentication is insecure; IPsec is designed to be
>> secure; therefore, you have to deploy a PKI for it
>
>A noticeable amount of IPsec deployments (IKE to be precise) uses PSK.
Yup, and most of that came about because people realised that if you forced
users to deploy PKI as a precondition to deploying IPsec, IPsec would never
get deployed. It's certainly a lot better now, but in the early days when
keying was supposed to be PKI-or-nothing, vendors got around the problem by
adding homebrew "management tunnels" to do the PSK (things like single-DES in
ECB mode, or only encrypting data in 8-byte blocks and leaving the rest in
plaintext because (a) they didn't know how to encrypt less than 8 bytes and
(b) "the little leftover bit won't be interesting anyway", or using a
hardwired key with an IPsec SA to communicate the PSK, or ...).
Peter.
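The two design flaws Peter lists for the homebrew "management tunnels" (ECB mode, and encrypting only whole 8-byte blocks while copying the leftover bytes through in the clear) are easy to see in a few lines. The following is an added demonstration, not code from the post or from any IPsec implementation. It uses a hypothetical keyed XOR as a stand-in for a 64-bit block cipher (it is not DES; it is only deterministic and invertible per block, which is all the two leaks depend on), a constructed sample PSK, and a constructed key. The padded variant shows the minimal fix for the tail leak; the ECB repeat leak remains and is only removed by using a proper mode, which the stand-in does not attempt.

```python
import hashlib
from typing import Dict, List, Tuple

BLOCK = 8  # 64-bit block size, as for the single-DES tunnels described in the post


def _keyed_pad(key: bytes) -> bytes:
    # Hypothetical stand-in for a block cipher's key schedule (NOT DES).
    return hashlib.sha256(b"toy-block-cipher:" + key).digest()[:BLOCK]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Deterministic, invertible 8-byte transform standing in for 'a block cipher
    in ECB mode'. Any real block cipher shares the two properties shown below:
    identical input blocks give identical output, and it cannot, on its own,
    encrypt fewer than BLOCK bytes."""
    if len(block) != BLOCK:
        raise ValueError("block cipher needs exactly %d bytes" % BLOCK)
    return bytes(b ^ p for b, p in zip(block, _keyed_pad(key)))


toy_block_decrypt = toy_block_encrypt  # the XOR stand-in is its own inverse


def legacy_tunnel_encrypt(key: bytes, psk: bytes) -> bytes:
    """The flawed behaviour: ECB over the whole 8-byte blocks, and the leftover
    (len % 8) bytes appended unencrypted because the vendor 'could not encrypt
    less than 8 bytes'."""
    whole = len(psk) - len(psk) % BLOCK
    body = b"".join(toy_block_encrypt(key, psk[i:i + BLOCK])
                    for i in range(0, whole, BLOCK))
    return body + psk[whole:]


def exposed_tail(ciphertext: bytes, psk_len: int) -> bytes:
    """What a passive observer of the tunnel reads directly: the clear tail."""
    n = psk_len % BLOCK
    return ciphertext[len(ciphertext) - n:] if n else b""


def repeated_blocks(ciphertext: bytes) -> List[Tuple[int, int]]:
    """ECB tell-tale: (earlier, later) block indexes whose ciphertext is identical,
    which reveals identical plaintext chunks (e.g. a repeated password fragment)."""
    whole = len(ciphertext) - len(ciphertext) % BLOCK
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, whole, BLOCK)]
    seen: Dict[bytes, int] = {}
    hits: List[Tuple[int, int]] = []
    for idx, blk in enumerate(blocks):
        if blk in seen:
            hits.append((seen[blk], idx))
        else:
            seen[blk] = idx
    return hits


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # always 1..8, so unpadding is unambiguous
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def padded_encrypt(key: bytes, psk: bytes) -> bytes:
    """Minimal fix for the tail leak: pad to a block boundary so every byte of
    the PSK is covered. ECB's repeated-block leak is NOT fixed by this; a real
    design would use an authenticated mode rather than ECB."""
    padded = pkcs7_pad(psk)
    return b"".join(toy_block_encrypt(key, padded[i:i + BLOCK])
                    for i in range(0, len(padded), BLOCK))


def padded_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a non-empty multiple of the block size")
    plain = b"".join(toy_block_decrypt(key, ciphertext[i:i + BLOCK])
                     for i in range(0, len(ciphertext), BLOCK))
    return pkcs7_unpad(plain)


if __name__ == "__main__":
    key = b"constructed demo key"
    # Constructed sample PSK: two identical 8-byte chunks plus a 3-byte tail.
    psk = b"passwordpassword123"
    ct = legacy_tunnel_encrypt(key, psk)
    print("tail sent in the clear:", exposed_tail(ct, len(psk)))   # b'123'
    print("repeated ECB blocks   :", repeated_blocks(ct))          # [(0, 1)]
    ct2 = padded_encrypt(key, psk)
    print("padded, clear tail    :", exposed_tail(ct2, len(ct2)))  # b''
    print("padded, roundtrip ok  :", padded_decrypt(key, ct2) == psk)
```

Run as a script it prints the leaked tail and the repeated-block positions for the legacy scheme, then shows the padded variant carrying no clear tail while still decrypting. The repeated-block check is also the kind of heuristic a reviewer can run over captured tunnel traffic to spot ECB-style keying channels without knowing the key.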