[2808] in cryptography@c2.net mail archive


Re: David Wagner: Re: CISCO PIX Vulnerability

daemon@ATHENA.MIT.EDU (Rick Smith)
Thu Jun 11 10:58:04 1998

Date: Wed, 10 Jun 1998 13:10:41 -0500
To: "Scott G. Kelly" <skelly@redcreek.com>,
        "Perry E. Metzger" <perry@piermont.com>
From: Rick Smith <rick_smith@securecomputing.com>
Cc: cryptography@c2.net
In-Reply-To: <3576C8C9.78E3143A@redcreek.com>

At 09:18 AM 6/4/98 -0700, Scott G. Kelly wrote:
>Just wanted to note that not *all* Cisco PIX boxes have this problem.
>Some of the boxes use a hardware card for encryption (which we provide),
>and those systems certainly do not have this shortcoming.

Does PIX use some integrity mechanism in addition to the ECB encryption? Do
they renegotiate keys regularly? If not, then the benefits of hardware
encapsulation and key length aren't going to protect them from forged
commands.

Rick.
smith@securecomputing.com
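
The concern raised in this message, ECB encryption with no integrity mechanism, shown as an added example that is not part of the original post and is not PIX code. The 4-round Feistel cipher built from SHA-256 is a toy stand-in for a real block cipher (an assumption, chosen so the example runs on the Python standard library alone), and the command records, keys and function names are constructed for illustration.

```python
import hashlib, hmac

BLOCK = 16  # block size in bytes of the stand-in cipher

def _f(key, i, half):  # round function: SHA-256 as a keyed PRF (toy stand-in)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def ecb(key, data, block_fn):  # ECB: each block processed independently, no chaining
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    return b"".join(block_fn(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: the tag covers the whole ciphertext, including block order
    ct = ecb(enc_key, plaintext, encrypt_block)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_checked(enc_key, mac_key, ct, tag):
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return ecb(enc_key, ct, decrypt_block)

CMDS = b"permit 10.0.0.5 " + b"deny   10.0.0.9 "  # constructed 16-byte records
ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"  # constructed keys

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, CMDS)
    altered = ct[:BLOCK] + ct[:BLOCK]  # ciphertext blocks changed in transit
    unchecked = ecb(ENC_KEY, altered, decrypt_block)  # ECB alone: decrypts cleanly
    try:
        open_checked(ENC_KEY, MAC_KEY, altered, tag)
    except ValueError:
        return unchecked, True   # the MAC check rejects the altered stream
    return unchecked, False
```

`demo()` returns the plaintext a receiver without an integrity check would accept, plus whether the MAC-checking receiver rejected the same ciphertext; neither outcome depends on key length or on where the encryption is performed.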

