[Openswan Users] openswan and PreSharedKeys
news8080 at yahoo.com
Tue Apr 1 13:13:39 EDT 2008
I found it documented on the freeswan/Cisco site that
this is correct. It'd be nice, though, to get some
confirmation from someone else here. The damn RFC for
Oakley is cryptic as hell.
--- Agent Smith <news8080 at yahoo.com> wrote:
> This might be slightly off topic so forgive me..
> We have a need to configure some 50 or so IPSEC
> host<->GTW with GTW running openswan tunnels and we
> plan to use same shared secret/DH 2/3DES-SHA1/PFS/
> The question is how safe is that? I can care less if
> someone who knows the key is able to "IPSEC in" to
> GTW, I just don't want someone to snoop traffic and
> with the knowledge of the key and break open those
> encrypted packets.
> My reading about this tells me that this can't be
> because the preshared key is just used as a 'salt' to
> calculate actual key used for encryption so JUST
> knowing the key won't help you break open the
> off of wire.
> or is that not true..
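Added example, not part of the original post or of Openswan's code: the IKEv1 pre-shared-key derivation from RFC 2409 section 5, with HMAC-SHA1 as the prf and Oakley group 2, showing which values a passive observer who knows the PSK can and cannot compute. The PSK, nonces, cookies and exponents are constructed sample values, and the 128-byte big-endian encoding of g^xy is an assumption of this sketch.

```python
import hashlib
import hmac
import secrets

# Oakley group 2 ("DH 2"): 1024-bit MODP prime from RFC 2409 section 6.2, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1, the prf IKEv1 uses when SHA1 is the negotiated hash."""
    return hmac.new(key, data, hashlib.sha1).digest()

def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 key derivation for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)                         # PSK mixed with both nonces
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # seeds the IPsec SA keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # IKE message authentication
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # IKE message encryption
    return skeyid, skeyid_d, skeyid_a, skeyid_e

def demo():
    psk = b"constructed-shared-secret"                 # constructed sample value
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)      # nonces, sent in clear
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)  # cookies, sent in clear
    x = secrets.randbelow(P - 3) + 2                   # initiator's private exponent
    y = secrets.randbelow(P - 3) + 2                   # responder's private exponent
    gx, gy = pow(G, x, P), pow(G, y, P)                # KE payloads, sent in clear
    to_b = lambda n: n.to_bytes(128, "big")            # assumed fixed-length encoding
    initiator = phase1_keys(psk, ni, nr, to_b(pow(gy, x, P)), cky_i, cky_r)
    responder = phase1_keys(psk, ni, nr, to_b(pow(gx, y, P)), cky_i, cky_r)
    # A passive observer who knows the PSK sees ni, nr, the cookies, gx and gy,
    # but not x or y. SKEYID is computable; the keys that mix in g^xy are not.
    observer_skeyid = prf(psk, ni + nr)
    # Substituting a public value for g^xy does not reproduce the peers' keys.
    observer_guess = phase1_keys(psk, ni, nr, to_b(gx), cky_i, cky_r)
    return {
        "peers_agree": initiator == responder,
        "observer_has_skeyid": observer_skeyid == initiator[0],
        "observer_has_skeyid_e": observer_guess[3] == initiator[3],
    }

if __name__ == "__main__":
    print(demo())
```

This covers a passive eavesdropper only. Because the PSK is the sole authenticator, a party who knows it and sits in the path during the exchange can impersonate a peer.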