1

A pre-shared key is used for authenticating the peers and also used in protecting the DH key exchange because it's possible to man in the middle the DH exchange.

Does this mean that if an attacker knows the pre-shared key he can man in the middle the initial IKE phase 1 negotiation so the encryption keys for the ipsec connection are compromised?

Limit
  • 3,191
  • 1
  • 16
  • 35
ytdpiu
  • 11
  • 1

1 Answers1

1

Yes, which is why people employ an attack called "Aggressive Mode IKE PSK Cracking".

user34445
  • 503
  • 2
  • 12
  • That only applies when using Aggressive mode and IKEv1. Do you know about Main mode and/or IKEv2? – ytdpiu Jan 02 '17 at 15:21