Re: [Ipsec-tools-devel] Cisco Group name/Group password
From: F. S. <fre...@la...> - 2005-10-03 07:36:58
Monday, October 3, 2005, 12:24:09 AM, Mohammed, Shahid wrote:

> Does anyone know how the group name/group password (Cisco client) gets
> used in calculation of HASH_I in aggressive mode ph1?

In which mode?

With group authentication, it's a simple mapping to pre-shared key with xauth: group name is a key id, group password is the pre-shared key; as for the exact calculation, I refer you to the appropriate RFCs.

With mutual group authentication, it's more complicated. Cisco follows the RFC for hybrid authentication, but adds somewhere (in the last packet exchange IIRC) another hash composed from the group password. That hash is the tricky part, as I've never managed to find how it was made.

> Any help on this one would be appreciated as I have spent quite some
> time researching this issue.

Same here.

Fred

--
Angels, they fell first but I'm still here
Alone as they are drawing near
In heaven my masterpiece will finally be sung
(Nightwish, End of All Hope)
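
The group-authentication mapping described in the reply above (group name as key id, group password as pre-shared key), worked through with the RFC 2409 pre-shared-key formulas. This is an added example, not part of the original message or of ipsec-tools; the function names are hypothetical and every exchange value is constructed. It covers plain group authentication only, not the extra Cisco hash used with mutual group authentication.

```python
import hashlib
import hmac
import struct

ID_KEY_ID = 11  # RFC 2407 ID type: opaque key id (carries the group name)

def prf(key, data, hash_name="sha1"):
    # With no prf negotiated, IKEv1 uses HMAC of the negotiated hash.
    return hmac.new(key, data, hash_name).digest()

def idii_body(group_name, proto=0, port=0):
    # IDii_b = ID payload without the generic header:
    # ID type (1) | protocol ID (1) | port (2) | identification data
    return struct.pack("!BBH", ID_KEY_ID, proto, port) + group_name

def hash_i(group_password, x, hash_name="sha1"):
    # RFC 2409 section 5, pre-shared key authentication:
    #   SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    #   HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    skeyid = prf(group_password, x["ni_b"] + x["nr_b"], hash_name)
    return prf(skeyid, x["g_xi"] + x["g_xr"] + x["cky_i"] + x["cky_r"]
               + x["sai_b"] + x["idii_b"], hash_name)

def responder_accepts(received, group_password, x, hash_name="sha1"):
    # Responder recomputes HASH_I and compares in constant time.
    return hmac.compare_digest(received, hash_i(group_password, x, hash_name))

# Constructed sample exchange (not captured traffic).
EXCHANGE = {
    "ni_b": bytes(range(16)),
    "nr_b": bytes(range(16, 32)),
    "g_xi": hashlib.sha256(b"initiator KE").digest() * 4,  # 128 bytes, group 2 size
    "g_xr": hashlib.sha256(b"responder KE").digest() * 4,
    "cky_i": b"\x11" * 8,
    "cky_r": b"\x22" * 8,
    "sai_b": b"constructed SA payload body",
    "idii_b": idii_body(b"vpn-group"),
}

if __name__ == "__main__":
    h = hash_i(b"group-secret", EXCHANGE)
    print("HASH_I:", h.hex())
    print("accepted:", responder_accepts(h, b"group-secret", EXCHANGE))
```

Because the group name travels inside IDii_b and the group password keys SKEYID, changing either one changes HASH_I and the responder's check fails.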