Re: [Full-Disclosure] UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability
Date: Fri Apr 16 2004 - 04:12:03 EDT
CISCO wrote on 12.04.2004 19:59:19:
> Summary
>
> Cisco LEAP is a mutual authentication algorithm that supports dynamic
> derivation of session keys. With Cisco LEAP, mutual authentication
relies
> on a shared secret, the user's logon password-which is known by the
client
> and the network, and is used to respond to challenges between the
user and
> the Remote Authentication Dial-In User Service (RADIUS) server.
>
> As with most password-based authentication algorithms, Cisco LEAP is
> vulnerable to dictionary attacks.
As everyone can read in every good book about crypto, challenge-response
methods should use a piece of information called "salt" that prevents
attacks of being performed that easy.
Because hashes with no salt always look the same, and you can prehash
them.
Salted hashes can not be calculated before an attack and are not ultimate
save, but much harder to crack in realtime. (during an attack)
If the developers at CISCO had done their homework, that would have never
happened.
Dear Josh, nice work, I regret that we we didnt get our beers when we met
last time.
-- Christoph Gruber, Security WAT1SE WAVE Solutions Information Technology GmbH Nordbergstrasse 13, A - 1090 Wien, Austria christoph.gruber@wave-solutions.com Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1 PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C 558E D42B _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.htmlReceived on Fri Apr 16 04:44:08 2004
This archive was generated by hypermail 2.1.8 : Fri Apr 16 2004 - 05:05:45 EDT
