[vpn] Clarification on key-negotiation and security of ipsec

Eirik Schwenke schwenke-vpn-list at orakel.ntnu.no
Mon Jul 15 10:22:59 EDT 2002


Hi,

Does anyone know how knowledge of preshared secrets
and/or knowledge of private keys using
certificate-based authentication affects the security of
ipsec?

That is: if an attacker knows the pre-shared secret or
the private key of _one_ of the parties negotiating a
vpn-connection, and is able to listen to the traffic --
will that attacker be able to calculate the session-keys
used for encryption?

It is my understanding that a passive attacker would _not_
be able to calculate the session keys, and listen to the
encrypted traffic -- is this correct?

-- 
Eirik Schwenke

"Eat right, exercise regularly, die anyway."


