[Openswan Users] Single DES

Mark-Andre Hopf mhopf at innominate.com
Wed Apr 7 14:16:58 CEST 2004

On Tue 06.04. 13:37, Tiago Freitas Leal wrote:

>    Ok, I know single DES is insecure.
>    On CHANGES.ipsec_alg says:
>    [quote]
>    - kernel module (ipsec_1des.o) will WARN everytime
>      a new ipsec_sa creates a des context, unless
>      loaded as "modprobe ipsec_1des I_know_1des_is_insecure=1"
>    [unquote]
>    This is not correct. The passphrase is:
>    I_know_des_is_insecure=1
>    But this only enables single DES on ESP phase. 

Err... no. This just adds the DES algorithm so the ESP routines in the
kernel can use it when they need to.

>    How can I use single DES on IKE phase?

Via /etc/ipsec.conf. Please see 'man ipsec.conf' for further details and
look for something like



mhopf at innominate.com
dipl.-inf.                        Innominate Security Technologies AG
software engineer                                   enabling security
tel: +49.30.6392-3300                      http://www.innominate.com/

More information about the Users mailing list