[Openswan Users] AES with 256 bits of block size!
Dariush Zahedmanesh
zahedmanesh at gmail.com
Tue Dec 23 04:13:46 EST 2008
Hi paul
we changed the config file as you said, but there was an error as follow:
esp string error: enc_alg not found, enc_alg="aes_", auth_alg="sha1",
modp=""
we think that the correct syntax is "ike=aes-256 and esp=aes-256", but it is
nothing to do with
the block size. (it only changes the key size not the block size).
It seems that in order to change the block size of AES in openswan the
source code should be changed. Because it is defined in
openswan-2.4.8/linux/include/crypto/aes.h as follow:
#Define AES_BLOCK_SIZE 16 (which means that the block size is fixed to 128
bits)
Thanks for your attention.
On Mon, Dec 22, 2008 at 8:45 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Mon, 22 Dec 2008, Dariush Zahedmanesh wrote:
>
> > Hello all
> > I'd like to use AES algorithm with 256 length of block size, to avoidance
> of
> > birthday attack.
> > I changed (#Define AES_BLOCK_SIZE) to 32, but after running ipsec the vpn
> > tunnel didn't up.
> > can any one help me to use AES with 256 bits of block size?
> > Thanks in advance.
>
> Don't change code. ike=aes_256 and esp=aes_256 should do the job I think?
>
> Paul
>
--
Dariush Zahedmanesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20081223/8f41c3ac/attachment.html
More information about the Users
mailing list