List: strongswan-users
Subject: Re: [strongSwan] RSASIG+ENCRYPT+TUNNEL+PFS
From: Andreas Steffen <andreas.steffen () strongswan ! org>
Date: 2007-08-18 5:21:59
Message-ID: 46C681F7.5060803 () strongswan ! org
Radek Antoniuk wrote:
> 2007/8/18, Jianqing Zhang <arrow.jianqing@gmail.com>:
>> I use "ipsec statusall" to check the and policy cryptography.
>>
>> The policy name is RSASIG+ENCRYPT+TUNNEL+PFS. I can guess the meaning of
>> RSASIG, ENCRYPT and TUNNEL, but what does PFS mean?
>
> Perfect Forward Secrecy.
> Read about IPSEC implementation.
>
>
>> For ESP algorithms, I find the number: 12_128-2_160, 3_192-1_128, what does
>> it mean? Symbol of AES or 3DES or something else?
>
> I'd guess those are the lengths of IKE algs.
>
The command

  ipsec listalgs

lists the numbers registered with IANA for the
IKE and ESP crypto algorithms:

000 List of registered ESP Encryption Algorithms:
000
000 #2 ESP_DES, blocksize: 8, keylen: 64-64
000 #3 ESP_3DES, blocksize: 8, keylen: 192-192
000 #7 ESP_BLOWFISH, blocksize: 8, keylen: 40-448
000 #11 ESP_NULL, blocksize: 0, keylen: 0-0
000 #12 ESP_AES, blocksize: 8, keylen: 128-256
000 #252 ESP_SERPENT, blocksize: 8, keylen: 128-256
000 #253 ESP_TWOFISH, blocksize: 8, keylen: 128-256
000
000 List of registered ESP Authentication Algorithms:
000
000 #1 AUTH_ALGORITHM_HMAC_MD5, keylen: 128-128
000 #2 AUTH_ALGORITHM_HMAC_SHA1, keylen: 160-160
000 #5 AUTH_ALGORITHM_HMAC_SHA2_256, keylen: 256-256
000 #251 AUTH_ALGORITHM_NULL, keylen: 0-0

Thus 12_128-2_160 is AES (128 bits) with SHA1 (160 bits)
and 3_192-1_128 is 3DES (192 bits incl. parity) with MD5 (128 bits).

Regards

Andreas

======================================================================
Andreas Steffen andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute of Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
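
The decoding described in the message above, as an added example that is not part of the original message or of strongSwan's code: it parses the <encr id>_<bits>-<auth id>_<bits> notation against the listalgs tables quoted in the reply and reports ids or key lengths that fall outside them. The function names and the comma-separated input form (taken from how the question writes the pairs) are assumptions.

```python
import re

# Tables copied from the `ipsec listalgs` output quoted in the message above:
# id -> (name, min key bits, max key bits)
ESP_ENCR = {
    2: ("ESP_DES", 64, 64), 3: ("ESP_3DES", 192, 192),
    7: ("ESP_BLOWFISH", 40, 448), 11: ("ESP_NULL", 0, 0),
    12: ("ESP_AES", 128, 256), 252: ("ESP_SERPENT", 128, 256),
    253: ("ESP_TWOFISH", 128, 256),
}
ESP_AUTH = {
    1: ("AUTH_ALGORITHM_HMAC_MD5", 128, 128),
    2: ("AUTH_ALGORITHM_HMAC_SHA1", 160, 160),
    5: ("AUTH_ALGORITHM_HMAC_SHA2_256", 256, 256),
    251: ("AUTH_ALGORITHM_NULL", 0, 0),
}
PAIR = re.compile(r"^(\d+)_(\d+)-(\d+)_(\d+)$")

def _lookup(table, alg_id, bits, kind):
    """Resolve one id/keylen half; collect problems instead of raising."""
    if alg_id not in table:
        return f"unknown#{alg_id}", [f"{kind} id {alg_id} not in listalgs table"]
    name, lo, hi = table[alg_id]
    if not lo <= bits <= hi:
        return name, [f"{name}: keylen {bits} outside {lo}-{hi}"]
    return name, []

def decode_esp(spec):
    """Decode a comma-separated list such as '12_128-2_160, 3_192-1_128'."""
    results = []
    for item in (s.strip() for s in spec.split(",") if s.strip()):
        m = PAIR.match(item)
        if not m:
            results.append({"raw": item, "problems": ["not in <id>_<bits>-<id>_<bits> form"]})
            continue
        e_id, e_bits, a_id, a_bits = map(int, m.groups())
        encr, p1 = _lookup(ESP_ENCR, e_id, e_bits, "encryption")
        auth, p2 = _lookup(ESP_AUTH, a_id, a_bits, "authentication")
        results.append({"raw": item, "encr": encr, "encr_bits": e_bits,
                        "auth": auth, "auth_bits": a_bits, "problems": p1 + p2})
    return results

if __name__ == "__main__":
    # The first two pairs are from the thread; the last two are constructed.
    for r in decode_esp("12_128-2_160, 3_192-1_128, 12_512-2_160, 99_128-1_128"):
        print(r)
```
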