Date: Fri, 14 Jan 2005 17:53:00 +0200
From: Andriy Gapon <avg@icyb.net.ua>
To: Bruce M Simpson <bms@spc.org>
Cc: freebsd-security@freebsd.org
Subject: Re: debugging encrypted part of isakmp
Message-ID: <41E7EADC.7080104@icyb.net.ua>
In-Reply-To: <20050114152222.GG57985@empiric.icir.org>
References: <41E796DC.2090102@icyb.net.ua> <20050114140709.GD57985@empiric.icir.org> <41E7DAC3.3050707@icyb.net.ua> <20050114152222.GG57985@empiric.icir.org>

on 14.01.2005 17:22 Bruce M Simpson said the following:
> On Fri, Jan 14, 2005 at 04:44:19PM +0200, Andriy Gapon wrote:
>
>>So, I am looking for the easiest way to decrypt isakmp packets using
>>both packet data and information like pre-shared keys, certificates etc.
>
>
> There's probably not a lot that you can do here, short of turning on all
> the debugging switches you can find for the opaque IKE implementation
> you're dealing with; unless the isakmp decoder in tcpdump were modified
> to accept keying material. We already do this for AH, ESP, TCP-MD5 but
> not IKE itself as that's a non-trivial task.

I see. I think it should not be too hard theoretically to write a program
that would do such decryption offline, using code from isakmpd or racoon,
and playing for both sides to deduce internal state/random values that
original parties used. But that's definitely a lot of work.

-- 
Andriy Gapon