[Openswan Users] openswan and PreSharedKeys

Agent Smith news8080 at yahoo.com
Sat Mar 29 12:20:33 EDT 2008

This might be a slightly off topic so forgive me..

We have a need to configure some 50 or so IPSEC
host<->GTW with GTW running openswan tunnels and we
plan to use same shared secret/DH 2/3DES-SHA1/PFS/

The question is how safe is that? I can care less if
someone who knows the key is able to "IPSEC in" to the
GTW, I just don't want someone to snoop traffic and
with the knowledge of the key and break open those
encrypted packets.

My reading about this tells me that this can't be done
because the preshared key is just used as a 'salt' to
calculate actual key used for encryption so JUST
knowing the key won't help you break open the capture
off of wire. 

or is that not true..

You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.  

More information about the Users mailing list