[Openswan dev] [Openswan Users] arbitrary key length in openswan's manual keying mode (fwd)

Michael Richardson mcr at xelerance.com
Mon Sep 11 21:58:21 EDT 2006




    Hong> want to use an arbitrary size of key for manual mode. In
    Hong> manual keying scenario, I enter a hex number into the manual
    Hong> conf file. However, there are only three specified options
    Hong> available according to the ipsec of linux, e.g. 3des |
    Hong> 3des-md5-96 (192 bit, 128 bit) | 3des-sha1-96 (192 bit, 160 bit)
    Hong> which follow a certain RFC. My question is: "is it
    Hong> possible to use varied length of bits for each key such as a
    Hong> larger size (192 bit, 384 bit)?" Which source code do I have to
    Hong> look up?

  You can't do that.
  You don't want to.

  If you need a different strength then you need to use a different
algorithm, such as AES. And no, we do not support strange sized keys for
AES either, nor do you want to.

-- 
]            Bear: "Me, I'm just a the shape of a bear."        |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


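An added example, not part of the original message or of Openswan's code: a small checker that rejects manually keyed conn sections whose key lengths do not match the fixed sizes quoted in the question. It assumes the manual-keying parameter names esp, espenckey and espauthkey and 0x-prefixed hex keys with optional underscores; the conn sections and key values are constructed samples.

```python
import re

# Fixed key sizes in bits for the esp= values named in the thread:
# (encryption key, authentication key); None means no authentication key.
ESP_KEY_BITS = {
    "3des": (192, None),
    "3des-md5-96": (192, 128),
    "3des-sha1-96": (192, 160),
}

def key_bits(value):
    """Bit length of a 0x-prefixed hex key; underscores are only separators."""
    m = re.fullmatch(r"0x([0-9a-fA-F_]+)", value.strip())
    if not m:
        raise ValueError("key must be 0x-prefixed hex")
    digits = m.group(1).replace("_", "")
    if len(digits) % 2:
        raise ValueError("odd number of hex digits")
    return len(digits) * 4

def check_manual_conn(text):
    """Return a list of key-length problems in one manually keyed conn section."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    esp = params.get("esp")
    if esp not in ESP_KEY_BITS:
        return [f"esp={esp!r} is not one of {sorted(ESP_KEY_BITS)}"]
    problems = []
    for name, want in zip(("espenckey", "espauthkey"), ESP_KEY_BITS[esp]):
        have = params.get(name)
        if want is None or have is None:
            if want is None and have is not None:
                problems.append(f"{name} set but {esp} takes no such key")
            elif want is not None:
                problems.append(f"{name} missing, {esp} needs {want} bits")
            continue
        try:
            bits = key_bits(have)
        except ValueError as err:
            problems.append(f"{name}: {err}")
            continue
        if bits != want:
            problems.append(f"{name} is {bits} bits, {esp} needs {want}")
    return problems

# Constructed samples: a correctly sized conn and one with a 384-bit enckey.
AUTH = "0x" + "ab" * 16
GOOD = f"conn demo\n  esp=3des-md5-96\n  espenckey=0x{'_'.join(['01234567'] * 6)}\n  espauthkey={AUTH}\n"
BAD = f"conn demo\n  esp=3des-md5-96\n  espenckey=0x{'01234567' * 12}\n  espauthkey={AUTH}\n"
```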