[Openswan Users] Single DES
Mark-Andre Hopf
mhopf at innominate.com
Wed Apr 7 14:16:58 CEST 2004
On Tue 06.04. 13:37, Tiago Freitas Leal wrote:
> Ok, I know single DES is insecure.
>
> On CHANGES.ipsec_alg says:
> [quote]
> - kernel module (ipsec_1des.o) will WARN everytime
> a new ipsec_sa creates a des context, unless
> loaded as "modprobe ipsec_1des I_know_1des_is_insecure=1"
> [unquote]
>
> This is not correct. The passphrase is:
> I_know_des_is_insecure=1
>
> But this only enables single DES on ESP phase.
Err... no. This just adds the DES algorithm so the ESP routines in the
kernel can use it when they need to.
> How can I use single DES on IKE phase?
Via /etc/ipsec.conf. Please see 'man ipsec.conf' for further details and
look for something like
ike=aes128-sha,aes128-md5
esp=aes128-sha1,aes128-md5
Bye,
Mark
--
mhopf at innominate.com
dipl.-inf. Innominate Security Technologies AG
software engineer enabling security
tel: +49.30.6392-3300 http://www.innominate.com/
More information about the Users
mailing list