back to article Support for ageing key exchange crypto leaves VPNs open to attack

Security gaps have been identified in widely used implementations of the IPsec protocol, which is used in the set up of Virtual Private Networks (VPNs). The Internet Key Exchange protocol "IKEv1", which is part of the IPsec protocol family, has vulnerabilities that enable potential attackers to interfere with the communication …

  1. Wzrd1

    And if...

    You had a proper kit tool examining passwords to ensure a properly hardened password is adopted, you're golden.

    If you had two factor authentication to even get onto the wireless network, you're golden.

    Both methods and more, trivially available for cheap to no cost.

    1. phuzz Silver badge

      Re: And if...

      Not much help if you have to set up a VPN to a third party who refuse to use more than DES and a six character password.

      I wish I was joking.

  2. Hans 1 Silver badge

    Key reuse ? TLS 1.3 wants to re-use keys, let's hope the implementation does not suck ...

    1. Michael Wojcik Silver badge

      Hanno Böck and co. just got a Pwnie for Bleichenbaching a bunch of TLS implementations. Maybe that's the last we'll see of that implementation mistake, but my guess is if people are still making it 20 years after publication, they'll continue to make it.

      Oh, well. More and more are moving to ECC, which isn't vulnerable to Bleichenbach. And if current trends continue, in a decade or so we may be commonly using some form of PQC, possible RLWE variants. So there will be new and exciting implementation errors to exploit.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019