debugging encrypted part of isakmp
Andriy Gapon
avg at icyb.net.ua
Fri Jan 14 07:53:09 PST 2005
on 14.01.2005 17:22 Bruce M Simpson said the following:
> On Fri, Jan 14, 2005 at 04:44:19PM +0200, Andriy Gapon wrote:
>
>>So, I am looking for the easiest way to decrypt isakmp packets using
>>both packet data and information like pre-shared keys, certificates etc.
>
>
> There's probably not a lot that you can do here, short of turning on all
> the debugging switches you can find for the opaque IKE implementation
> you're dealing with; unless the isakmp decoder in tcpdump were modified
> to accept keying material. We already do this for AH, ESP, TCP-MD5 but
> not IKE itself as that's a non-trivial task.
I see. I think it should not be too hard theoretically to write a
program that would do such decryption offline, using code from isakmpd
or racoon, and playing for both sides to deduce internal state/random
values that original parties used. But that's definitely a lot of work.
--
Andriy Gapon
More information about the freebsd-security
mailing list