Search This Blog

Tuesday, September 22, 2020

Procedurally Generated Annotations

Imagine exploring this dungeon:

Dungeon map
Procedurally generated dungeon map

But that's not what watabou's One Page Dungeon generator produced. It produced that dungeon with a title, Underground Lair of the Cursed Lich: For several centuries the lair of the Cursed Lich was considered lost, until recently was rediscovered by a gang of gnolls, and also with text annotations on some of the rooms:

Dungeon map with annotations
Procedurally annotated dungeon map

Big difference! The text sparks curiosity and imagination in a way that the map by itself does not. Is that bard good or evil? Did the bard and cleric know each other? How did seals kill the gnoll?! What does the magic gem do? This type of text is missing from many procedural generation projects, including mine. I love what watabou did here.

Let's look a map from Azgaar's Fantasy Map Generator:

Continent map
Procedurally generated continent map

But that's not all Azgaar generates. He also generates country names, borders, icons, and other annotations:

Continent map with annotations
Procedurally generated everything

Look at how much more interesting that is!

Zoomed in, the map looks nice, with regions, rivers, and bays:

Region map
Procedurally generated region map

But look how much more interesting it is with town names, roads, and trade routes:

Region map with annotations
Procedurally generated everything

It doesn't take much annotation to make the magic! Just a small amount triggers our curiosity and imagination. Our minds see patterns easily, even when they aren't really there ("apophenia"). This is something I'd like to explore the next time I'm making a procedural map generator.

(Note: this is an expanded version of what I posted on twitter)

Posted by at No comments:

Monday, September 21, 2020

Upcoming Games Of 2019 | Confirmed Release Dates | PS4, Xbox One, PC


upcoming games, upcoming ps4 games, upcoming pc games, ps4, Xbox one, pc, games 2019,


Upcoming Games  Of 2019 | Confirmed Release Dates | PS4, Xbox One, PC

As 2018 comes to an end, it's time to start looking forward to all the phenomenal new games of 2019. Maybe you're still making your way through the best games of 2018, yet it's never too soon to look forward to the future and figure out what you need to start saving up for. We've compiled the absolute greatest new games of 2019 that we're anticipating like Anthem, Cyberpunk 2077Days Gone, DMC 5, Resident Evil 2 Remake, and Kingdom Hearts III make up just few what's coming down the road. BTW It's all ordered by release date for easy browsing.

 More dates are certain to be confirmed as the year goes on, so make sure to check back often as we update this article with new additions. So, stay in touch with the "Pro-Bros Arena"




1. Ace Combat 7: Skies Unknown


Release Date: 18 January 2019
Platforms: PlayStation 4, Xbox One, Microsoft Windows
Developers: BANDAI NAMCO Entertainment, Project Aces, Bandai Namco Studios

 Bandai Namco's cult most loved series of flight sims is gearing up for a major comeback, taking the dogfighting action back to the alternate world of Strangereal for Ace Combat's present gen debut. The fast-paced aerial skirmishes look incredible whether you're steering from the first-person cockpit or a third-person view, and the campaign guarantees to contextualize the battlefield in the skies with a healthy dose of political interest and Top Gun-esque acting.  The person who owns a PlayStation VR headset gets the special reward of PS VR-exclusive missions that make you feel like you're really flying your very own fighter jet.



2. Resident Evil 2 Remake.


Release Date: January 25, 2019
Platform: PC, PlayStation 4, Xbox One
Genre: Survival Horror
Developer: Capcom

 Fans requested it, and Capcom has reacted in kind. The Resident Evil 2 remake takes you back to a survival horror classic. Reacquainting us with Leon Scott Kennedy and Claire Redfield as they battle for their lives in the infection tainted Raccoon City. And once the dust settled on E3 2018, it was clear that Resident Evil 2 Remake was one of the stars of the show. It's stunning to see how the Resident Evil 7 engine has improved the visual revamp of this 1998 classic: the very point by point zombies are covered in blood, slime, and rotting flesh, and the premonition environment look frighteningly lifelike. The third-person, over-the-shoulder camera should bring the gameplay more in line with modern expectations, making for some truly claustrophobic scares, and the reimagined cutscenes strive to be legitimately spine-chilling as they retell the original story. Put simply, this remake won't be for the faint of heart. 



 3. Kingdom Hearts 3


Release Date: January 29, 2019
Platform: PlayStation 4, Xbox One
Genre: Action RPG
Developer: Square Enix

 The Disney based game is at last set for a firm release date in January, and with it, a huge amount of new franchise are making their series debut in Kingdom Hearts 3. Confirmed to show up are characters and locals from Tangled, Big Hero 6, Toy Story, Monsters Inc., and Frozen. And plenty more that we've seen before, for example, Hercules and Pirates of the Caribbean. But the question is whether the gameplay of the PlayStation 2 period still holds up so many years later?

4. Crackdown 3


Release date: February 2019
Platforms: Xbox One, Microsoft Windows
Developers: Sumo Digital, Reagent Games, Cloudgine, Ruffian Games

 4 years after its debut at E3 2014, we still have no clue what's in store from Crackdown 3. We got a new trailer at Microsoft's conference this year, and it gave off an impression of being comprised of in-game footage, yet we're still just as clueless as you are for the most part. Terry Crews presently gives off an impression of being a prominent aspect of the game. And keeping in mind that we love Crews, his VO work in the latest trailer can be depicted as over the top at best.

 If you're willing to see how it look like then here's the latest short gameplay of Crackdown 3 by IGN.



5. Trials Rising


Initial release date: 12 February 2019
Genre: Racing
Platforms: PlayStation 4, Xbox One, Nintendo Switch, Microsoft Windows
Developers: Ubisoft, RedLynx, Ubisoft Ukraine

 The physics-based motorcycle stunt series is back with Trials Rising. The Trials community will be able to make and offer tracks with different players over the globe in this rendition. And you'll likewise have the option to customize your racer and bike with a large number of various items including helmets, jackets and trousers. There are a plenty of landmarks over the globe that will have tracks dependent on them. A lot of modes are incorporated, some new and some old. Declared so far are Tandem Mode, 4-Player offline co-op, Contracts, Asynchronous Challenges, and of course Online Multiplayer. The game looks like a blast to play solo or with friends. 

6. Anthem


Release Date: February 22, 2019
Platform: PC, PlayStation 4, Xbox One
Genre: Action Role-Playing
Developer: BioWare

 Arguably a standout amongst the most exciting games slated for 2019 is BioWare's hopeful come back to form in Anthem. The game surprised when it appeared at E3 in 2017, and after a year, it's still high on people's wishlist. The title joins third-person shooting and action RPG elements within a shared open world. 

 You play as a Freelancer taking part in third-person, Mass Effect-style shootouts, armored up in your Javelin exosuit to explore and eliminate within some gigantic alien biomes. Up to four players can adventure together within their customizable Javelin suits. The game is intended for a group, but single-player will be supported too.

 Related post: Anthem detailed preview




7. Metro Exodus

Release Date: February 15, 2019
Platform: PC, PlayStation 4, Xbox One
Genre: First-Person Shooter
Developer: 4A Games

 Metro Exodus is the third game in this criminally overlooked post-apocalyptic FPS series, transporting you to the irradiated ruins of modern civilization, now abounding with mutated creatures, which some way or another still manage to look beautiful. The game begins off from Last Light's "Redemption" ending and continues with the story of Artyom as he attempts to escape the Metro in Moscow. The title will see Artyom and his wife Anna attempt to travel far east to start a new life. However, that journey will be more unsafe than Artyom or Anna know. 

 Exodus will feature both sandbox environment and linear levels to progress the plot. The story will happen through the span of a year, with the game's dynamic climate and day-night cycle constantly showing signs of change regions dependent on the season.




8. Devil May Cry 5


Release Date: March 8, 2019
Platform: PC, PlayStation 4, Xbox One
Genre: Action-Adventure
Developer: Capcom

 Many conjectured that it would be Sony's E3 conference in which the much-rumored Devil May Cry 5 would make its appearance. But, no, quite an opposite in fact. Microsoft's E3 conference got the reveal of a game. And, fans of the series couldn't be more excited. 

 Both Dante and Nero will return as playable characters in DMC 5. A third playable character is also introduced. It feels really satisfying when your game's hero is surfing rockets like a surfboard directly into an evil demon's face? 

 For detailed Preview: Devil May Cry 5 | Release date, Gameplay preview, Trailer, News, & more..




9. Tom Clancy's The Division 2


Release Date: March 15, 2019
Platform: PC, PlayStation 4, Xbox One
Genre: Action RPG
Developer: Massive Entertainment

 The sequel of The Division moves from the streets of New York City into the country's capital. A civil war is breaking out within Washington D.C., and it's up to The Division to help squash it. Massive is bringing 8 player Raids into The Division 2. Also, the developers have guaranteed that three episodes of post-launch DLC, including new story content and game modes, will be made accessible to all players for free.




10. Sekiro: Shadows Die Twice


Release Date: 22 March 2019
Platform: PC, PlayStation 4, Xbox One
Genre: Adventure-Adventure
Developer: FromSoftware

 Sekiro: Shadows Die Twice comes to us from the same team that created Bloodborne for PlayStation 4. The game looks comparable in gameplay to Bloodborne and the developers' other outstanding work, the Dark Souls series. However, the game won't feature RPG elements nor multiplayer modes like the others do.

 The setting is sixteenth century Sengoku Japan. You play as a shinobi named Sekiro as the character attempts to take revenge on a samurai who recently assaulted Sekiro and kidnapped his lord. The samurai has disjoined one of Sekiro's arms, consequently prompting an in-game mechanic in which Sekiro can install different gadgets and accessories upon his prosthetic and upgrade them all through his adventure. 

 The most alluring feature spotted so far? A grappling hook, which could drastically change how we traverse the expertly made zones and arenas. Cool! Isn't it?




11. Mortal Kombat 11


Release Date: 23 April 2019
Platforms: PC, PS4, Xbox One, Switch
Developers: NetherRealm Studios

 Mortal Kombat has been one of the most popular fighters game in the world for decades. NetherRealm Studios announced Mortal Kombat 11 to the world in an official revealed trailer at The Game Awards 2018. Mortal Kombat 11 will release on 23 April 2019 for multiple platforms including PC, PS4, Xbox One, Switch. The trailer for Mortal Kombat 11 was typically bloodier. With heads being removed from bodies and blood flowing freely. Also, the trailer seems to feature just how detailed the brutality zoom-ins will be in the new game. Preorders for both console and PC start on December 7, 2018, Although there's no word on when the game's beta access period will start.
12. Days Gone

Release Date: April 26, 2019
Platform: PlayStation 4
Genre: Survival-Horror, Action-Adventure
Developer: SIE Bend

 The more we see of Sony Bend's Days Gone the more the upcoming title seems to impress. Gone are the days of thinking the project is "simply one more zombie game". Rather, it's demonstrated to give a convincing lived in world in which you constantly stumble upon environmental hazards. And because of 'not just any zombie game' it has been the most anticipated game for a long time, lastly, it will release on 26 April 2019.

 For a detailed preview: Days Gone | PS4 Release date, Gameplay, news & more...




13. Team Sonic Racing

Release Date: 21 May 2019
Platforms: PlayStation 4, Xbox One, Nintendo Switch, Microsoft Windows
Developer: Sumo Digital

 Sonic and his numerous buddies are back for their third kart-racing competition - and before you ask, Sonic races in a car as a handicap because there'd be no challenge if he was running on his foot. Sumo Digital, the same developer behind the splendid Sonic All-Stars Racing games, is back for Team Sonic Racing, which focuses exclusively on the Sonic universe and places drivers in groups as they compete for a combined score instead of pole position. It's certainly a takeoff from the more conventional arcade racing of the past games, and the Sonic focus, unfortunately, avoids all that superbly obscure Sega fan service. But, the dynamic visuals and finely tuned fundamentals are still there, with all the boosting, item-blasting, and mid-air tricking you could seek after.



14. Rage 2


Release Date: May 14, 2019
Platform: PC, PlayStation 4, Xbox One
Genre: First-Person Shooter
Developer: Avalanche Studios, id Software

 The infamous Walmart leak of 2018 spoiled the reveal of Rage 2 for the majority. Many people questioned the legitimacy of the retailer's listing, but when a franchise as obscure as Rage was confirmed just as the leak predicted, we realized it had to be legit. The game looks to be a fabulously frantic mashup of Doom and Mad Max. Which well makes sense considering id developed Doom and Avalanche developed Mad Max.

 Players wander the game's apocalyptic open world after a giant asteroid devastates the majority of mankind, the survivors need to fight for themselves against armies of horrendous bandits and mutants with deadly tendencies. And also, Rage 2 brings back the deadly boomerang known as the wingstick, and amps up the firefights with a lot of dashing and an adrenaline-pumping, neon-soaked berserker mode.



15. Shenmue 3


Release Date: 27 August 2019
Platform: PC, PlayStation 4
Genre: Action-Adventure
Developers: YS Net, Neilo

 The Shenmue series was never a huge commercial success, but thanks to some extent to Kickstarter and a large number of fans' hard-earned dollars, the project is completely in progress. In Shenmue 3, you'll play the job of a martial artist named Ryo Hazuki as he attempts to reveal who is responsible for his dad's murder. The game guarantees to have gameplay reminiscent of the past titles, enabling players to go up against enemies in hand-to-hand combat, upgrade combat abilities, and explore a living world loaded with towns, shops, and an active populous.


So these are the upcoming games of 2019 with confirmed release dates, We'll keep updating this list as soon as any other release date is confirmed, so stay in touch with the "Pro-Bros Arena"





Posted by at No comments:

Saturday, September 12, 2020

Movie Reviews: A Star Is Born, Bohemian Rhapsody, Christopher Robin, Eighth Grade, First Man

See all of my movie reviews.

A Star is Born (2018) - Bradley Cooper directs, writes, and stars in this third (at least) remake of the 1937 story. He is joined by the captivating and talented Lady Gaga. I assume you know the story, so here be general spoilers.

The original story is about a talented man whose best days are behind him. He is on the way out, but he finds and starts the career of the young woman. They fall in love. He is depressed, not only because he is no longer wanted, and is an alcoholic, but because he can't take the idea of a youngster and a woman besting him. Meanwhile, out of love - or maybe out of what is expected of a woman - she is on the verge of giving up her career because she thinks she can save him if they live a normal life. He overhears this and decides to end his life, either because he has finally reached bottom or so as not to allow her to give up her dreams for him.

This remake downplays the parts that make it seem like it is natural for her to give up her stardom for his sake. He has a drug and alcohol problem. She doesn't consider giving up her career, although she makes an attempt to get him booked on her tour, threatening to not do her tour if he is not allowed to join her. Her manager is a creep who flat out tells him that he is in her way, which leads him to end his life; this is far more sinister than having him overhear a conversation he should not have heard.

This is a pretty good movie, with good original music. Everyone gives a solid performance, and most of the camera work and directing is excellent (I had one or two minor quibbles, nothing major). The leads have good chemistry, and Lady Gaga's singing can blow you away; I suppose some will complain that no one can sing like Barbra Streisand in the second remake from 1976, but that movie wasn't as good as this one.

It is emotionally draining, however, if you have a hard time watching someone resort to suicide (not graphic, but the scene is long) or a woman having to deal with a lover who is an alcoholic and drug addict. Just so you know.

Bohemian Rhapsody - A biopic of Freddie Mercury of Queen, and also the story of Queen, from its founding until Live Aid. The main plot elements are Freddie vs his girlfriend Mary (as he comes to realize he is gay), Freddie vs his manager, Freddy vs some boyfriends and the swinging 80's lifestyle, Freddy vs his family and his traditional background, Freddy vs his contracting AIDS (only superficially covered), and Freddy vs his band-mates.

If you love Queens's music, of course you will love the movie. If you hate Queen's music ... what's wrong with you? Some of their songs, like We Will Rock You and We Are the Champions, seem like they were chiseled out of music itself. On its own merits, Rami Malek does a great job as Freddy, and Lucy Boynton as Mary and Gwilym Lee as Brian May also shine, as does the rest of the cast. The plot is captivating, since Freddy seems equal parts genius arranger and singer, but also self-destructive and helpless. Mary, if you believe the movie, is the one who drags him back into sanity, even while she is kept apart from him due to his sexuality.

As an ending to the movie, Live Aid, while a lovely concert, doesn't really answer all of the questions. If you know the real story, you know that a lot of the early days are skipped over or compressed (they went through a bunch of bass guitarists and their first album was not a great success), Live Aid was a phenomenal triumph, and the story continues to the early 90's. So threads are left dangling.

But it doesn't matter. Good performances and great music, an interesting portrait of a tormented genius. Not the best movie ever made, but worth watching.

Christopher Robin - Ewan McGregor plays a grown up Christopher Robin, famous son of A. A. Milne, who works as an efficiency expert in London and who is tasked with firing a bunch of people unless he can figure out a way to save their jobs. He runs into Pooh Bear who needs Christopher Robin to help him find more honey in the 100 acre woods. CR tries to make sense of this, and they go on several adventures. Everyone learns something by the end of the movie.

The closest analogy here would be Hook (Robin Williams). It's an okay movie, though rather childish and cliche. Kids will probably enjoy it. I got a bit bored.

It's a little odd to see this movie after last' year's Goodbye Christopher Robin, which painted a rather grimmer picture of CR's relationship to his father's stories.

Eighth Grade - A good but intense look at a high school girl (Elsie Fisher) who spends all of her time, and tries to find all of her validation, on social media. Her real life, unfortunately, doesn't conform to her expectations from her virtual one. Not only does she have low self-esteem and low popularity and fall for the wrong boy, she also runs head on into a few moments of real danger and harassment that up the significance of what happens in real life.

Josh Hamilton plays her single father, desperately trying to help and support her while she fights to keep him out. It's not an easy movie to watch, but it's a fairly good one.

First Man - A biopic of Neil Armstrong, and also the story of the mission to land a man on the moon. Unlike Bohemian Rhapsody, in which the focus on one character made the story interesting, I wan't as happy here. Neil has a few problems with his wife and kids, but not really; I'm pretty sure most of the problems were invented by the screenwriters. The conflict with his wife was not believably portrayed. Meanwhile, all the parts about the moon landing were fascinating, but they were not the main focus of the movie.

The movie makes several other mistakes. Instead of a grand story of triumphs and tragedies (i/e, what really happened), the story concentrates solely on a series of tragedies (real ones). I guess that's the screenwriter's way of ratcheting up the tension, but it a) makes the story very narrow and small, making it more like a Marvel movie than a real story, and b) it makes it unrealistic: why would anyone continue with a program that fails so tragically and continuously over and over, killing people each time? Of course, that wasn't the real or entire story. But we don't get to hear the real or entire story.

The worst parts for me were a) the long sequences of shaking cameras that simulated the shaking rockets and flights. One such sequence of reasonable length in a movie is great. This movie does this at least three times, for 20 minutes each time. At some point it moves from being a good simulation to being distracting and unwatchable. Enough already. 2) About sixty percent of the movie is a closeup of someone's face. This is the same mistake used in Jackie. Again: a few face closeups are great but 60% of the screen-time spent on face closeups is not, It's just pretentious, distancing, and annoying. Which is a crying shame, because the cinematography of the other 40% is beautiful.

Aside from all that was bad about the movie, the movie did everything else  well: well acted, well scored, well paced, and an important piece of history. For what its worth, my fellow movie-goers (friends) liked the movie.
Posted by at No comments:

Suzy Cube Update: May 25, 2018

#SuzyCube #gamedev #indiedev #madewithunity @NoodlecakeGames 
My apologies! The day just flew right by and I only realized I forgot to write an update about three hour ago! Another packed week, but mostly bug fixes, so let's dive in!
Read more »
Louard's game design sounding board and home of the Pro's and Con's reviews.
Posted by at No comments:

Thursday, September 3, 2020

Good People Doing Cool Things…


Just read an email from one of the original DFG Kickstarter backers, James.

James helped me out quite a bit in my KS giving feedback, making videos and just chatting about the Kickstarter, the industry and life in general. James is good people and I am more than happy to help any way I can.

James started up his own company and miniatures line. Reclusive Phoenix, is running a kickstarter (Slumbering Oblivion: Cthulhuinspired game miniatures







The minis look great! If you like Cthulhu or creature minis to use in other games, please go give it a look, if you are short on funds now or it's not your cup of tea, you can still help by spreading the news.

I don't know about you, but I am really loving that Murguba :P
Posted by at No comments:

Sunday, August 30, 2020

Practical Dictionary Attack On IPsec IKE

We found out that in contrast to public knowledge, the Pre-Shared Key (PSK) authentication method in main mode of IKEv1 is susceptible to offline dictionary attacks. This requires only a single active Man-in-the-Middle attack. Thus, if low entropy passwords are used as PSKs, this can easily be broken.

This week at the USENIX Security conference, Dennis Felsch will present our research paper on IPsec attacksThe Dangers of Key Reuse: Practical Attacks on IPsec IKE. [alternative link to the paper]

In his blog post, Dennis showed how to attack the public key encryption based authentication methods of IKEv1 (PKE & RPKE) and how to use this attack against IKEv2 signature based authentication method. In this blog post, I will focus on another interesting finding regarding IKEv1 and the Pre-Shared Key authentication.

IPsec and Internet Key Exchange (IKE)

IPsec enables cryptographic protection of IP packets. It is commonly used to build VPNs (Virtual Private Networks). For key establishment, the IKE protocol is used. IKE exists in two versions, each with different modes, different phases, several authentication methods, and configuration options. Therefore, IKE is one of the most complex cryptographic protocols in use.

In version 1 of IKE (IKEv1), four authentication methods are available for Phase 1, in which initial authenticated keying material is established: Two public key encryption based methods, one signature based method, and a PSK (Pre-Shared Key) based method.

The relationship between IKEv1 Phase 1, Phase 2, and IPsec ESP. Multiple simultaneous Phase 2 connections can be established from a single Phase 1 connection. Grey parts are encrypted, either with IKE derived keys (light grey) or with IPsec keys (dark grey). The numbers at the curly brackets denote the number of messages to be exchanged in the protocol.

Pre-Shared Key authentication

As shown above, Pre-Shared Key authentication is one of three authentication methods in IKEv1. The authentication is based on the knowledge of a shared secret string. In reality, this is probably some sort of password.

The IKEv1 handshake for PSK authentication looks like the following (simplified version):


In the first two messages, the session identifier (inside HDR) and the cryptographic algorithms (proposals) are selected by initiator and responder. 

In messages 3 and 4, they exchange ephemeral Diffie-Hellman shares and nonces. After that, they compute a key k by using their shared secret (PSK) in a PRF function (e.g. HMAC-SHA1) and the previously exchanged nonces. This key is used to derive additional keys (ka, kd, ke). The key kd is used to compute MACI over the session identifier and the shared diffie-hellman secret gxy. Finally, the key ke is used to encrypt IDI (e.g. IPv4 address of the peer) and MACI

Weaknesses of PSK authentication

It is well known that the aggressive mode of authentication in combination with PSK is insecure and vulnerable against off-line dictionary attacks, by simply eavesedropping the packets. For example, in strongSwan it is necessary to set the following configuration flag in order to use it:
charon.i_dont_care_about_security_and_use_aggressive_mode_psk=yes

For the main mode, we found a similar attack when doing some minor additional work. For that, the attacker needs to waits until a peer A (initiator) tries to connect to another peer B (responder). Then, the attacker acts as a man-in-the middle and behaves like the peer B would, but does not forward the packets to B.

From the picture above it should be clear that an attacker who acts as B can compute (gxy) and receives the necessary public values session ID, nI, nR. However, the attacker does not know the PSK. In order to mount a dictionary attack against this value, he uses the nonces, and computes a candidate for for every entry in the dictionary. It is necessary to make a key derivation for every k with the values of the session identifiers and shared Diffie-Hellmann secret the possible keys ka, kd and ke. Then, the attacker uses ke in order to decrypt the encrypted part of message 5. Due to IDI often being an IP address plus some additional data of the initiator, the attacker can easily determine if the correct PSK has been found.

Who is affected?

This weakness exists in the IKEv1 standard (RFC 2409). Every software or hardware that is compliant to this standard is affected. Therefore, we encourage all vendors, companies, and developers to at least ensure that high-entropy Pre-Shared Keys are used in IKEv1 configurations.

In order to verify the attack, we tested the attack against strongSWAN 5.5.1.

Proof-of-Concept

We have implemented a PoC that runs a dictionary attack against a network capture (pcapng) of a IKEv1 main mode session. As input, it also requires the Diffie-Hellmann secret as described above. You can find the source code at github. We only tested the attack against strongSWAN 5.5.1. If you want to use the PoC against another implementation or session, you have to adjust the idHex value in main.py.

Responsible Disclosure

We reported our findings to the international CERT at July 6th, 2018. We were informed that they contacted over 250 parties about the weakness. The CVE ID for it is CVE-2018-5389 [cert entry].

Credits

On August 10th, 2018, we learned that this attack against IKEv1 main mode with PSKs was previously described by David McGrew in his blog post Great Cipher, But Where Did You Get That Key?. We would like to point out that neither we nor the USENIX reviewers nor the CERT were obviously aware of this.
On August 14th 2018, Graham Bartlett (Cisco) email us that he presented the weakness of PSK in IKEv2 in several public presentations and in his book.
On August 15th 2018, we were informed by Tamir Zegman that John Pliam described the attack on his web page in 1999.

FAQs

  • Do you have a name, logo, any merchandising for the attack?
    No.
  • Have I been attacked?
    We mentioned above that such an attack would require an active man-in-the-middle attack. In the logs this could look like a failed connection attempt or a session timed out. But this is a rather weak indication and no evidence for an attack. 
  • What should I do?
    If you do not have the option to switch to authentication with digital signatures, choose a Pre-Shared Key that resists dictionary attacks. If you want to achieve e.g. 128 bits of security, configure a PSK with at least 19 random ASCII characters. And do not use something that can be found in public databases.
  • Am I safe if I use PSKs with IKEv2?
    No, interestingly the standard also mentions that IKEv2 does not prevent against off-line dictionary attacks.
  • Where can I learn more?
    You can read the paper[alternative link to the paper]
  • What else does the paper contain?
    The paper contains a lot more details than this blogpost. It explains all authentication methods of IKEv1 and it gives message flow diagrams of the protocol. There, we describe a variant of the attack that uses the Bleichenbacher oracles to forge signatures to target IKEv2. 
Related articles
  1. Pentest Recon Tools
  2. Pentest Tools List
  3. Pentest Automation Tools
  4. Top Pentest Tools
  5. Hack Tools
  6. Hacking Tools And Software
  7. Hacker
  8. Hacker Techniques Tools And Incident Handling
  9. Hack Tools Mac
  10. Hackers Toolbox
  11. Top Pentest Tools
  12. Pentest Tools Subdomain
  13. Hacker
  14. Pentest Tools Online
  15. Hacking Tools For Windows
  16. Hack Tools Online
  17. Best Hacking Tools 2020
  18. Pentest Tools For Android
  19. Pentest Tools For Windows
  20. Hacking Tools Online
  21. Hack Tools Pc
  22. Hacker Tools For Windows
  23. Hacking Tools Mac
  24. Hack Tools For Windows
  25. Hack Tool Apk No Root
  26. How To Hack
  27. Hack Tool Apk
  28. Hacking Tools Pc
  29. Pentest Tools List
  30. Pentest Recon Tools
  31. Hacking Tools Hardware
  32. Hacker Security Tools
  33. Hacking Tools Hardware
  34. Hacking Tools 2019
  35. Pentest Reporting Tools
  36. Pentest Tools For Ubuntu
  37. Hacker Tools 2020
  38. Hacking Tools Windows
  39. Ethical Hacker Tools
  40. Hacking Tools Pc
  41. Hacker Techniques Tools And Incident Handling
  42. Underground Hacker Sites
  43. What Is Hacking Tools
  44. Hacking Tools For Games
  45. Pentest Box Tools Download
  46. Free Pentest Tools For Windows
  47. Physical Pentest Tools
  48. Pentest Tools Github
  49. Pentest Tools Linux
  50. Hack Tools For Ubuntu
  51. Hack Tools 2019
  52. Hacking Tools Kit
  53. Hack Tools
  54. Install Pentest Tools Ubuntu
  55. Pentest Tools List
  56. Hack Tools
  57. Beginner Hacker Tools
  58. Hacking Tools And Software
  59. Hack Tools Pc
  60. Hack Tools For Windows
  61. Hack Tools Pc
  62. Pentest Tools Free
  63. Hack Apps
  64. Hak5 Tools
  65. Top Pentest Tools
  66. Hacker Hardware Tools
  67. Bluetooth Hacking Tools Kali
  68. Hacker Tools For Pc
  69. Hacking Apps
  70. Hack Tools For Games
  71. World No 1 Hacker Software
  72. Hak5 Tools
  73. Bluetooth Hacking Tools Kali
  74. How To Hack
  75. Pentest Tools
  76. Hacker Tools 2020
  77. Beginner Hacker Tools
  78. Pentest Tools Review
  79. Pentest Box Tools Download
  80. Pentest Tools Website Vulnerability
  81. Hack Tools For Mac
  82. Blackhat Hacker Tools
  83. Hack Tools Download
  84. Hacker Techniques Tools And Incident Handling
  85. How To Install Pentest Tools In Ubuntu
  86. What Are Hacking Tools
  87. Pentest Recon Tools
  88. Pentest Tools Windows
  89. Nsa Hacker Tools
  90. Ethical Hacker Tools
  91. Growth Hacker Tools
  92. Pentest Tools Android
  93. Hacker Tools For Pc
  94. Hacking Tools For Pc
  95. Hacker Tools Apk Download
  96. Hack And Tools
Posted by at No comments:
Subscribe to: Posts (Atom)