Return to Answer

Summary: Aggressive Mode is not really less secure than Main Mode. Both can be broken and both can be broken by the same attack. The difference is only, to get the values required for such an attach, it's enough to be able to sniff some traffic in Aggressive Mode (just sniffing two packets is enough), whereas in case of Main Mode you must perform a man-in-the-middle attack on the DH Key Exchange to even get the required values to make the attack possible. Once you have the value, it's equally hard to guess the PSK.

Summary: Aggressive Mode is not really less secure than Main Mode. Both can be broken and both can be broken by the same attack. The difference is only, to get the values required for such an attack, it's enough to be able to sniff some traffic in Aggressive Mode (just sniffing two packets is enough), whereas in case of Main Mode you must perform a man-in-the-middle attack on the DH Key Exchange to even get the required values to make the attack possible. Once you have the value, it's equally hard to guess the PSK.

Summary: Aggressive Mode is not really less secure than Main Mode. Both can be broken and both can be broken by the same attack. The difference is only, to get the values required for such an attach, it's enough to be able to sniff some traffic in Aggressive Mode (just sniffing one packet is enough), whereas in case of Main Mode you must perform a man-in-the-middle attack on the DH Key Exchange to even get the required values to make the attack possible. Once you have the value, it's equally hard to guess the PSK.

Summary: Aggressive Mode is not really less secure than Main Mode. Both can be broken and both can be broken by the same attack. The difference is only, to get the values required for such an attach, it's enough to be able to sniff some traffic in Aggressive Mode (just sniffing two packets is enough), whereas in case of Main Mode you must perform a man-in-the-middle attack on the DH Key Exchange to even get the required values to make the attack possible. Once you have the value, it's equally hard to guess the PSK.

Aggressive Mode on the other hand, sends the hashed PSK together with the DH Key Exchange payloads, as well as all the values required to calculate the hash in the very first packet and this packet cannot be encrypted because the key exchange has not yet completed. Same goes for the answer that also isn't encrypted as it just finalizes the key exchange but it already contains the calculated hash from the other sides and all the values required to verify it. So an attacker, who can just read interchanged traffic, will get the unencrypted hash and also has access to all values that are required to calculate it, except for the PSK itself, of course. Now all that an attacker has to do is brute forcing the PSK, which can be very easy, if it is a poor PSK that is either very short, very simple or cannot stand up to a dictionary attack.

Aggressive Mode on the other hand, sends the hashed PSK together with the DH Key Exchange payloads, as well as all the values required to calculate the hash in the very first responder packet and this packet cannot be encrypted because the key exchange has not yet completed. So an attacker, who can just read interchanged traffic, will get the unencrypted hash and also has access to all values that are required to calculate it, except for the PSK itself, of course. Now all that an attacker has to do is brute forcing the PSK, which can be very easy, if it is a poor PSK that is either very short, very simple or cannot stand up to a dictionary attack.