[Openswan Users] openswan and PreSharedKeys
Agent Smith
news8080 at yahoo.com
Sat Mar 29 12:20:33 EDT 2008
This might be slightly off topic, so forgive me.

We have a need to configure some 50 or so IPSEC
host<->GTW with GTW running openswan tunnels and we
plan to use the same shared secret/DH 2/3DES-SHA1/PFS.

The question is how safe is that? I can care less if
someone who knows the key is able to "IPSEC in" to the
GTW, I just don't want someone to snoop traffic and,
with the knowledge of the key, break open those
encrypted packets.

My reading about this tells me that this can't be done
because the preshared key is just used as a 'salt' to
calculate the actual key used for encryption, so JUST
knowing the key won't help you break open the capture
off of the wire.

Or is that not true?
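Added example, not part of the original post: the IKEv1 pre-shared-key derivation from RFC 2409 section 5, showing which inputs a capture plus the shared secret provides and which it does not. It assumes the tunnels negotiate IKEv1 with HMAC-SHA1 as the prf and DH group 2, as the post lists; the function names, the sample PSK and the simulated exchange are constructed for illustration.

```python
import hashlib, hmac, secrets

# Oakley group 2 (RFC 2409 section 6.2): 1024-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key, data):
    # The negotiated hash is SHA1, so the prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_psk(psk, ni, nr):
    # SKEYID = prf(pre-shared-key, Ni_b | Nr_b): needs only the PSK and the nonces.
    return prf(psk, ni + nr)

def phase1_keys(skeyid, gxy, cky_i, cky_r):
    # SKEYID_d / _a / _e each mix in g^xy, which never crosses the wire.
    d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    a = prf(skeyid, d + gxy + cky_i + cky_r + b"\x01")
    e = prf(skeyid, a + gxy + cky_i + cky_r + b"\x02")
    return d, a, e

def simulate_exchange():
    # Constructed sample exchange: returns (values visible in a capture, g^xy).
    x, y = secrets.randbits(256), secrets.randbits(256)  # private, never sent
    wire = {"cky_i": secrets.token_bytes(8), "cky_r": secrets.token_bytes(8),
            "ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16),
            "gx": pow(G, x, P), "gy": pow(G, y, P)}
    gxy = pow(wire["gy"], x, P)
    assert gxy == pow(wire["gx"], y, P)  # both peers reach the same secret
    return wire, gxy.to_bytes(128, "big")

def derive(psk, wire, gxy):
    # Returns (SKEYID, (SKEYID_d, SKEYID_a, SKEYID_e)) for one exchange.
    skeyid = skeyid_psk(psk, wire["ni"], wire["nr"])
    return skeyid, phase1_keys(skeyid, gxy, wire["cky_i"], wire["cky_r"])

if __name__ == "__main__":
    psk = b"constructed-shared-secret"  # same PSK on every host, as in the post
    for n in (1, 2):
        wire, gxy = simulate_exchange()
        skeyid, (d, a, e) = derive(psk, wire, gxy)
        print(f"session {n}: SKEYID={skeyid.hex()} SKEYID_e={e.hex()}")
```

SKEYID can be recomputed from the shared secret and the nonces in a capture, but SKEYID_d, SKEYID_a and SKEYID_e also require g^xy, which is different for every exchange. The derivation covers a passive capture only: anyone holding the shared secret can still authenticate as either peer.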