Date: Wed, 27 Sep 2000 17:01:02 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Sam wun <swun@eSec.com.au> Cc: "'freebsd-security@freebsd.org'" <freebsd-security@FreeBSD.ORG> Subject: Re: What happened if the pre-share key got cacked? Message-ID: <Pine.BSF.4.21.0009271657030.1024-100000@freefall.freebsd.org> In-Reply-To: <39D1B8E8.B5B070FB@eSec.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 27 Sep 2000, Sam wun wrote:
> I am a bit concernt about hte pre-share key that using by the IPsec couple of
> client and the server machines.
> What if this key got stolent somehow? what will be the consequence?
> I am using IPSec in FreeBSD. The pre-share key is used by racoon. The psk.txt
> is protected by 600 permission. But what if my root account got cracked?
> anyone whom posesses my root account will be able to see the content of the
> psk.txt file?
They can do a hell of a lot more than that if they get root. Thats why
it's important to make sure attackers can't get root on your boxes, and to
choose a cryptographically strong pre-shared key (i.e. n bits of output
from /dev/random :-)
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009271657030.1024-100000>