[VOIPSEC] FWD - Hotel and Wfi Insecurity, including SIP

Richard Clayton richard at highwayman.com
Mon Nov 21 03:32:40 CST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <200511210730.jAL7U8gu004318 at ms-smtp-03.rdc-kc.rr.com>,
Philip Walenta <pwalenta at wi.rr.com> writes

>Obviously digest based authentication is much more difficult since the
>actual password/key is never passed over the network, only its hash.
>
>I'm making the assumption that it *could* be cracked given there are many
>tools now that can crack MD2/4/5/SHA/SQL hashes using a variety of brute
>force methods.

It does not follow that because one crypto-system is flawed that means
that all must be :(  although you do have history on your side :)


It is true that if you use a weak secret (a word from the dictionary
perhaps) then that can be discovered by brute force searching.

It is true that if you use a short secret (six or seven characters) then
that too can be discovered by brute force searching.


However although a brute force search will eventually crack even a long,
strong secret, it is most unlikely to do so within your lifetime (or
that of nearby galaxies !)


Do NOT confuse the collision results for MD5 and SHA-1 (which do have an
impact on security in some of the places these cryptographic hashes are
used) with pre-image resistance. ie: if H = hash(M) find M given just H


>The utility I mentioned - Cain - has 20+ hash methods it can crack, SIP
>being one of them.

SIP is not a hash :(  but I think I see what you mean...

>  The few times I've used it, it's taken about 20 or so
>hours to crack the easier hashed authentications.  Cain can be helped by
>seeding what it will try, and given the propensity for users to use the same
>password across multiple systems, all you need is a few sniffs of other
>traffic from a given machine, and you can send Cain on its way to guessing.

... and Cain is clearly leveraging the first of the two "it is true"
statements above.  "Weak passwords" are weak!

A good piece of software (be it for VOIP or otherwise) will indicate to
the user that they have chosen poorly and should consider whether a
better password would be desirable.

>Heck, Cain can even crack the RSA SecurID token pattern given a little
>information.

As to SecurID ... the proprietary hash function that RSA used is indeed
flawed :(  It's still not entirely trivial to crack; Biryukov, Lano and
Preneel say:

   The 64-bit secret key of 10% of the cards can be discovered given two
   months of token outputs and 2**48 analysis steps. A larger fraction
   of cards can be covered given more observation time.

Contini and Yin improve this to 2**40 hash operations, and it still
involves sitting and watching the numbers on the token tick around for a
week or so; which is more than a little information!

However, the conclusion from this should not be that SIP is insecure :)
but that using home-grown hash functions is seldom wise!

- -- 
richard                                                  Richard Clayton

Those who would give up essential Liberty, to purchase a        Benjamin
little temporary Safety, deserve neither Liberty nor Safety.    Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBQ4GUOJoAxkTY1oPiEQIDCQCgoVUQbm08qVQcnbEMsf+hvAFVD38AoJtN
EfZz+AT6DgQUMAufipu8fj0I
=9QBK
-----END PGP SIGNATURE-----

More information about the Voipsec mailing list