cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
6246
Views
0
Helpful
5
Replies
Highlighted
Beginner

SHA1 hashing

There are some folks saying that SHA1 (160 bit) should not be used any longer on IPSEC implementations since it is broken.

Can anybody comment on this? For phase 2 there is sha1 + hmac(cannot be broken yet), what about Phase1?

Whole world is still running IKE v1 VPN IPSEC using SHA1 hash.

5 REPLIES 5
Highlighted

Hi Ruterford,

Indeed IKEv1 security has been improved by IKEv2.

In order to have some more secure algorithms, then you will need to consider IKEv2, an ASA running 8.4 or later should give the following integrity algorithms:

ciscoasa(config)# crypto ikev2 policy 10

ciscoasa(config-ikev2-policy)# integrity ?

ikev2-policy mode commands/options:

  md5     set hash md5

  sha     set hash sha1

  sha256  set hash sha256

  sha384  set hash sha384

  sha512  set hash sha512

IKEv1 does not only support SHA1.

Thanks.

Portu.

Please rate any helpful posts

Highlighted

Portu, it is all clear that IKEv2 provides improvements on IKE v1.

But your reply does not answer my question.

Can SHA1 be cracked on IPSEC implementation on Phase 1 and Phase 2 currently?

Highlighted

to answer that question you need to know what hashing is doing in IPsec.

It's not that algorithm cannot be broken (altough I still need to see a real-time attack).

Have a look at IPsec (ESP, most commony used) header structure.

You can even find it out on wikipedia:

http://en.wikipedia.org/wiki/IPsec

EVEN if you're able to break the integrity check, you are still going to face problem encrypting spoofing the actual payload.

M.

Highlighted

Thanks Marcin.

Is SHA 256, as well as groups higher than  DH-group 5 (like 14, 16)supported on ASA only with IKEv2?

I know that IOS supports SHA256 and Group 14, 16 on IKEv1, but it looks like ASA only supports them with IKEv2.

Highlighted

In practice suite-B etc. has been only added for IKEv2.

Check.

http://tools.ietf.org/html/rfc6379

and

http://www.nsa.gov/ia/programs/suiteb_cryptography/

You will notice that while in theory there is no reason for IKEv1 not to implement those "new" algorithms it's with IKEv2 they are required to be accredited.

Content for Community-Ad