Internet Key Exchange
==Vulnerabilities==

Leaked [[NSA]] presentations released in 2014 by {{lang|de|[[Der Spiegel]]}} indicate that IKE is being exploited in an unknown manner to decrypt IPsec traffic, as is ISAKMP.<ref>{{citation|publisher=NSA via 'Der Spiegel'|url=http://www.spiegel.de/media/media-35529.pdf|page=5|title=Fielded Capability: End-to-end VPN SPIN9 Design Review}}</ref> The researchers who discovered the [[Logjam (computer security)|Logjam attack]] state that breaking a 1024-bit Diffie–Hellman group would break 66% of VPN servers, 18% of the top million HTTPS domains, and 26% of SSH servers, which the researchers claim is consistent with the leaks.<ref>{{Cite conference| url=https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf | first1=David | last1=Adrian | first2=Karthikeyan | last2=Bhargavan | first3=Zakir | last3= Durumeric | first4=Pierrick | last4=Gaudry | first5=Matthew | last5=Green | first6=J. Alex | last6=Halderman | first7=Nadia | last7=Heninger |author7-link= Nadia Heninger | first8=Drew | last8=Springall | first9=Emmanuel | last9=Thomé | first10=Luke | last10=Valenta | first11=Benjamin | last11=VanderSloot | first12=Eric | last12=Wustrow | first13=Santiago | last13=Zanella-Béguelin | first14=Paul | last14=Zimmermann | title=Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice | conference=22nd ACM Conference on Computer and Communications Security (CCS ’15) | location=[[Denver]] | date=October 2015 | access-date=15 June 2016}}</ref> This claim was refuted in 2015 by both Eyal Ronen and [[Adi Shamir]] in their paper "Critical Review of Imperfect Forward Secrecy"<ref>{{Cite web | url=http://www.wisdom.weizmann.ac.il/~eyalro/RonenShamirDhReview.pdf | first1=Eyal | last1=Ronen | first2=Adi | last2=Shamir | title=Critical Review of Imperfect Forward Secrecy | date=October 2015}}</ref> and by Paul Wouters of Libreswan in a 2015 article "66% of VPN's{{sic}} are not in fact broken".<ref>{{Cite web | url=https://nohats.ca/wordpress/blog/2015/10/17/66-of-vpns-are-not-in-fact-broken/ | first1=Paul | last1=Wouters | title=66% of VPN's are not in fact broken | date=October 2015}}</ref>

IPsec VPN configurations which allow for negotiation of multiple configurations are subject to [[Man-in-the-middle attack|MITM]]-based [[downgrade attack]]s between the offered configurations, with both IKEv1 and IKEv2.<ref name="ike-downgrade">{{Cite web | url=https://eprint.iacr.org/2016/072.pdf | title=Downgrade Resilience in Key-Exchange Protocols | first1=Karthikeyan | last1=Bhargavan | first2=Christina | last2=Brzuska | first3=Cédric | last3=Fournet | first4=Markulf | last4=Kohlweiss | first5=Santiago | last5=Zanella-Béguelin | first6=Matthew | last6=Green | date=January 2016 }}</ref> This can be avoided by careful segregation of client systems onto multiple service access points with stricter configurations.

Both versions of the IKE standard are susceptible to an offline [[dictionary attack]] when a low-entropy password is used. For IKEv1 this is true for main mode and aggressive mode.<ref>{{Cite web|url=http://skysrv.pha.jhu.edu/~jpliam/ima/xauth/|title=Authentication Vulnerabilities in IKE and Xauth with Weak Pre-Shared Secrets|last=Pliam|first=John|date=2 October 1999|website=Johns Hopkins University|url-status=live|archive-url=https://web.archive.org/web/20020610050311/http://www.ima.umn.edu/~pliam/xauth/|archive-date=10 June 2002|access-date=5 February 2020}}</ref><ref>{{Cite web|url=http://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key/|title=Great Cipher, But Where Did You Get That Key|last=McGrew|first=David|date=5 July 2011|website=Cisco Blog|url-status=dead|archive-url=https://web.archive.org/web/20110709020412/http://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key/|archive-date=9 July 2011|access-date=11 February 2020}}</ref><ref>{{Cite book|url=https://www.usenix.org/conference/usenixsecurity18/presentation/felsch|title=The Dangers of Key Reuse: Practical Attacks on IPsec IKE|last=Felsch|first=Dennis|date=August 2018|website=27th USENIX Security Symposium|isbn=9781939133045 |access-date=11 February 2020}}</ref>
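
The following Python example is added here for illustration and is not part of the article or of any IKE implementation. It audits a list of offered IKE proposals for the two configuration issues described above: MODP Diffie-Hellman groups of 1024 bits or less, and a mix of weak and strong proposals that leaves a downgrade target. It assumes strongSwan-style proposal strings; the function names and the sample proposals are constructed for the example.

```python
import re

WEAK_LIMIT = 1024  # MODP group size (bits) named in the Logjam estimate

# Constructed sample input: proposals a gateway is configured to accept.
OFFERED = [
    "aes256-sha256-modp2048",
    "aes128-sha1-modp1024",
    "3des-md5-modp768",
    "aes256gcm16-prfsha384-ecp384",
]


def modp_bits(proposal):
    """Return the MODP group size in bits, or None if no MODP keyword is present."""
    for token in proposal.lower().split("-"):
        # Matches keywords such as modp1024, modp2048 or modp2048s256.
        m = re.fullmatch(r"modp(\d+)(s\d+)?", token)
        if m:
            return int(m.group(1))
    return None


def audit(proposals):
    """Sort proposals by DH strength and report whether a downgrade target exists."""
    weak, strong, unknown = [], [], []
    for p in proposals:
        bits = modp_bits(p)
        if bits is None:
            unknown.append(p)   # non-MODP or unparsed group: review by hand
        elif bits <= WEAK_LIMIT:
            weak.append(p)
        else:
            strong.append(p)
    return {
        "weak": weak,
        "strong": strong,
        "unknown": unknown,
        # Accepting weak and strong proposals side by side gives an on-path
        # attacker a weak configuration to steer the negotiation towards.
        "downgrade_surface": bool(weak) and bool(strong),
    }


if __name__ == "__main__":
    for key, value in audit(OFFERED).items():
        print(f"{key}: {value}")
```

Proposals reported as weak can be removed from the accepted set, or the clients that still need them can be moved to a separate endpoint, in line with the segregation advice above.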