Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7751
Views
0
Helpful
5
Replies

SHA1 hashing

Ruterford
Level 1
Level 1

‎11-04-2012 06:42 PM

There are some folks saying that SHA1 (160 bit) should not be used any longer on IPSEC implementations since it is broken.

Can anybody comment on this? For phase 2 there is sha1 + hmac(cannot be broken yet), what about Phase1?

Whole world is still running IKE v1 VPN IPSEC using SHA1 hash.

Labels:
0 Helpful
5 Replies 5

Javier Portuguez
Level 9
Level 9

‎11-04-2012 07:13 PM

Hi Ruterford,

Indeed IKEv1 security has been improved by IKEv2.

In order to have some more secure algorithms, then you will need to consider IKEv2, an ASA running 8.4 or later should give the following integrity algorithms:

ciscoasa(config)# crypto ikev2 policy 10

ciscoasa(config-ikev2-policy)# integrity ?

ikev2-policy mode commands/options:

  md5     set hash md5

  sha     set hash sha1

  sha256  set hash sha256

  sha384  set hash sha384

  sha512  set hash sha512

IKEv1 does not only support SHA1.

Thanks.

Portu.

Please rate any helpful posts

0 Helpful

Ruterford
Level 1
Level 1
In response to Javier Portuguez

‎11-05-2012 06:05 AM

Portu, it is all clear that IKEv2 provides improvements on IKE v1.

But your reply does not answer my question.

Can SHA1 be cracked on IPSEC implementation on Phase 1 and Phase 2 currently?

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Ruterford

‎11-05-2012 08:46 AM

to answer that question you need to know what hashing is doing in IPsec.

It's not that algorithm cannot be broken (altough I still need to see a real-time attack).

Have a look at IPsec (ESP, most commony used) header structure.

You can even find it out on wikipedia:

http://en.wikipedia.org/wiki/IPsec

EVEN if you're able to break the integrity check, you are still going to face problem encrypting spoofing the actual payload.

M.

0 Helpful

Ruterford
Level 1
Level 1
In response to Marcin Latosiewicz

‎11-05-2012 10:37 AM

Thanks Marcin.

Is SHA 256, as well as groups higher than  DH-group 5 (like 14, 16)supported on ASA only with IKEv2?

I know that IOS supports SHA256 and Group 14, 16 on IKEv1, but it looks like ASA only supports them with IKEv2.

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Ruterford

‎11-05-2012 11:55 AM

In practice suite-B etc. has been only added for IKEv2.

Check.

http://tools.ietf.org/html/rfc6379

and

http://www.nsa.gov/ia/programs/suiteb_cryptography/

You will notice that while in theory there is no reason for IKEv1 not to implement those "new" algorithms it's with IKEv2 they are required to be accredited.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents