[Ach] recent spiegel docs

christian mock cm at coretec.at
Mon Dec 29 01:37:34 CET 2014

So I've gone thru most of them and try to summarize what they mean in
the context of ACH (as the accompanying article is rather light on the
technical details).

IPSEC: they seem to have the capability to decrypt based on pre-shared
keys that they've got via some other means (pwning routers &
extracting config, or snooping on admins). Can we still safely
recommend using PFS as a safe thing (in phase 1 and phase 2)? (I think
recommending certificates instead of PSKs is moot, they'd just extract
the private keys instead of the PSKs).

TLS: they seem to decrypt non-FS connections by using RSA private keys
extracted by other means (and weak debian keys). FS ciphers still seem
safe, so shall we drop all non-FS ciphers (at least in config A)? No
hint at whether they fool with the NIST EC curves...

PPTP: we've already made the only sensible recommendation ;-)

SSH: AFAICT, they only mention it in passing, no indications to the
kind of techniques used, but they seem to have some capabilities.
What's the buzz about that at the congress?

My summary: the only thing they seem to attack cryptoanalytically is
PPTP, and that's already public knowledge.


Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - Damit so etwas nicht passiert!



More information about the Ach mailing list