[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    Re: [strongSwan] RSASIG+ENCRYPT+TUNNEL+PFS
From:       Andreas Steffen <andreas.steffen () strongswan ! org>
Date:       2007-08-18 5:21:59
Message-ID: 46C681F7.5060803 () strongswan ! org
[Download RAW message or body]

Radek Antoniuk wrote:
> 2007/8/18, Jianqing Zhang <arrow.jianqing@gmail.com>:
>> I use "ipsec statusall" to check the and policy cryptography.
>>
>> The policy name is RSASIG+ENCRYPT+TUNNEL+PFS. I can guess the meaning of
>> RSASIG, ENCRYPT and TUNNEL, but what does PFS mean?
> 
> Perfect Forward Secrecy.
> Read about IPSEC implementation.
> 
> 
>> For ESP algorithms, I find the number: 12_128-2_160, 3_192-1_128, what does
>> it mean? Symbol of AES or 3DES or something else?
> 
> I'd guess those are the lengths of IKE algs.
> 
The command

  ipsec listalgs

lists the numbers registered with IANA for the
IKE and ESP crypto algorithms:

000 List of registered ESP Encryption Algorithms:
000
000 #2     ESP_DES, blocksize: 8, keylen: 64-64
000 #3     ESP_3DES, blocksize: 8, keylen: 192-192
000 #7     ESP_BLOWFISH, blocksize: 8, keylen: 40-448
000 #11    ESP_NULL, blocksize: 0, keylen: 0-0
000 #12    ESP_AES, blocksize: 8, keylen: 128-256
000 #252   ESP_SERPENT, blocksize: 8, keylen: 128-256
000 #253   ESP_TWOFISH, blocksize: 8, keylen: 128-256
000
000 List of registered ESP Authentication Algorithms:
000
000 #1     AUTH_ALGORITHM_HMAC_MD5, keylen: 128-128
000 #2     AUTH_ALGORITHM_HMAC_SHA1, keylen: 160-160
000 #5     AUTH_ALGORITHM_HMAC_SHA2_256, keylen: 256-256
000 #251   AUTH_ALGORITHM_NULL, keylen: 0-0

Thus 12_128-2_160 is AES (128 bits) with SHA1 (160 bits)
and 3_192-1_128 is 3DES (192 bits incl. parity) with MD5 (128 bits)

Regards

Andreas

======================================================================
Andreas Steffen                         andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute of Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic