[Openswan Users] Implementing proprietary cipher in Openswan
Brian Candler
B.Candler at pobox.com
Fri May 26 10:59:47 CEST 2006
On Fri, May 26, 2006 at 10:17:18AM +0200, Mihajlo Cvetanovi?? wrote:
> I would like to implement my own proprietary cipher, so I guess the most
> apropriate method is to implement it into something called CryptoApi (of
> which I don't know anything about at the moment). Could somebody give me
> some useful hints & links to get me started? I would need help both on
> CryptoApi implementation, and integration with Openswan. I'm working
> with FC5 2.6.15, ipsec 2.4.5 (klips). Thanks in advance.
First read a bit of history. Phil Zimmermann, when he wrote PGP 1.0, used a
symmetric cipher of his own design ("Bass-O-Matic"), because DES had too
short a key, and he didn't know of any other ciphers at the time.
Bass-o-matic soon turned out to be fatally flawed, and he was forced to
replace it with a properly designed cipher (in this case IDEA).
The moral is: unless you are an expert cryptographer and mathematician - by
which I mean far more of an expert than the person who wrote PGP - then you
are unlikely to be able to design a cipher which has any chance of
withstanding cryptographic attack.
However, if you *are* this much of a cryptography expert, then IMO you can
certainly work out for yourself how to plug into a crypto API.
Regards,
Brian.
More information about the Users
mailing list