CertiGuide to Security+  9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)       9  1.4  Attacks

1.4.6  TCP/IP Hijacking 1 1.4.8  Mathematical

An attack based on weak keys takes advantage of weak keys used to protect encrypted information, or weak passwords for user authentication. If an attacker can “break” a key, he can gain access to whatever that key is protecting – be it data, a logon credential, etc.

The term “weak keys” usually relates directly to secure protocols, such as IPSec or SSL. As mentioned in 1.4.5, these secure protocols use cryptography and a key exchange protocol known as IKE to create a secure connection between 2 hosts using session keys. As discussed in chapter 4, a host must “decide” on a mathematical algorithm to use for encryption of secure sessions, such as DES, 3DES or RC4. 40-bit key lengths, and indeed 56bit DES are not considered secure, and modern hardware is allowing attackers (and researchers) to break these encryption algorithms quicker all the time. Unfortunately due to the legacy from old export laws from the USA restricting the export of strong encryption, a significant proportion of servers (especially web servers) still use these weak keys.

Weak keys may also include those using only a subset of the permitted characters, or using predictable contents as the key (such as the name of the resource being protected).

The obvious prevention technique here involves using strong encryption algorithms and strong keys, and combining this type of authentication with others. More will be said about this in the chapter on Cryptography.

Much of the rest of this domain overlaps with Domain 4 Cryptography. It appears to be definitional in Domain 1, and more “How” based in Domain 4.

1.4.6  TCP/IP Hijacking 1 1.4.8  Mathematical