[Openswan Users] openswan and PreSharedKeys

Agent Smith news8080 at yahoo.com
Tue Apr 1 13:13:39 EDT 2008


I found it documented on the freeswan/Cisco site that
this is correct. It'd be nice, though, to get some
confirmation from someone else here. The damn RFC for
Oakley is cryptic as hell.

http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/glossary.html#PFS
http://www.cisco.com/warp/public/105/IPSECpart1.html
http://www.jacco2.dds.nl/networking/openswan-l2tp.html#PFS




--- Agent Smith <news8080 at yahoo.com> wrote:

> This might be a slightly off topic so forgive me..
>
> We have a need to configure some 50 or so IPSEC
> host<->GTW with GTW running openswan tunnels and we
> plan to use same shared secret/DH 2/3DES-SHA1/PFS/
>
> The question is how safe is that? I can care less if
> someone who knows the key is able to "IPSEC in" to the
> GTW, I just don't want someone to snoop traffic and
> with the knowledge of the key and break open those
> encrypted packets.
>
> My reading about this tells me that this can't be done
> because the preshared key is just used as a 'salt' to
> calculate actual key used for encryption so JUST
> knowing the key won't help you break open the capture
> off of wire.
>
> or is that not true..


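Added example, not part of the original post or of Openswan's code: the IKEv1 phase 1 key derivation for pre-shared-key authentication as written in RFC 2409 section 5, using HMAC-SHA1 as the prf and Oakley group 2 as in the setup described above. It shows which inputs cross the wire (nonces, cookies, public DH values) and that SKEYID_d, SKEYID_a and SKEYID_e also take the Diffie-Hellman secret g^xy, which does not. The function names, the sample secret and the fixed-width encoding of g^xy are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

# Oakley group 2 (1024-bit MODP) from RFC 2409, the "DH 2" named in the post.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1, the prf when SHA1 is the negotiated hash."""
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_bytes(n: int) -> bytes:
    # Fixed-width big-endian encoding (an assumption of this sketch).
    return n.to_bytes(128, "big")

def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 derivation for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)                # PSK + nonces only
    tail = g_xy + cky_i + cky_r               # g^xy enters from here on
    skeyid_d = prf(skeyid, tail + b"\x00")    # seeds the IPsec SA keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # ISAKMP authentication
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # ISAKMP encryption
    return skeyid, skeyid_d, skeyid_a, skeyid_e

def simulate_exchange(psk: bytes):
    """Constructed exchange: returns the on-the-wire values and each peer's keys."""
    x = secrets.randbelow(P - 3) + 2          # initiator's private DH value
    y = secrets.randbelow(P - 3) + 2          # responder's private DH value
    wire = {"ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16),
            "cky_i": secrets.token_bytes(8), "cky_r": secrets.token_bytes(8),
            "gx": pow(G, x, P), "gy": pow(G, y, P)}
    def derive(g_xy: int):
        return phase1_keys(psk, wire["ni"], wire["nr"], dh_bytes(g_xy),
                           wire["cky_i"], wire["cky_r"])
    # Each peer combines its own private value with the other's public value.
    return wire, derive(pow(wire["gy"], x, P)), derive(pow(wire["gx"], y, P))

if __name__ == "__main__":
    psk = b"constructed-shared-secret"        # sample value, constructed
    wire, init_keys, resp_keys = simulate_exchange(psk)
    print("peers agree:", init_keys == resp_keys)
    print("SKEYID from PSK + wire nonces:",
          prf(psk, wire["ni"] + wire["nr"]) == init_keys[0])
```

With PFS enabled, quick mode runs a further Diffie-Hellman exchange and mixes that new secret into the IPsec keying material along with SKEYID_d.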