From owner-freebsd-security Sun Jan 17 21:13:20 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA16487 for freebsd-security-outgoing; Sun, 17 Jan 1999 21:13:20 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from gongshow.masterplan.org (masterplan.powersurfr.com [24.108.38.69]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA16482 for ; Sun, 17 Jan 1999 21:13:19 -0800 (PST) (envelope-from jbg@masterplan.org) Received: from infomat (infomat.precident.com [192.168.4.2]) by gongshow.masterplan.org (8.8.8/8.8.8) with SMTP id WAA23546 for ; Sun, 17 Jan 1999 22:13:13 -0700 (MST) (envelope-from jbg@masterplan.org) Message-Id: <199901180513.WAA23546@gongshow.masterplan.org> From: jbg@masterplan.org (Jason George) To: freebsd-security@FreeBSD.ORG Subject: Re: SKIP algorithm mismatch: FBSD vs Solaris Organization: The Master Plan Always Fails... Date: Mon, 18 Jan 1999 05:14:21 GMT Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The Solaris package version is the global version (512-bit) of the SKIP binary, whereas the FreeBSD port is the U.S./Canada version (2048-bit). I ordered the Windows version online a few months ago and downloaded via the Sun website. It only supported the RC2/RC4 algorithms. It took me a full week of persistent bugging to get Sun to tell me that the only way to obtain the 2048-bit version was to have them ship me a copy to a verified North American address. The bottom line is that all of the web-downloadable SKIP binaries are only compiled to run at "global" level encryption strength. I'm quite confident that the $$$ version of Solaris SKIP will support stronger encryption. I'm also confident that if you compiled the Solaris version from scratch, it would support stronger encrytion. Hope this helps. --Jason j.b.georgeieee.org jbgmasterplan.org >I've got a FBSD<-internet->Solaris setup and I'd like to run IP-level >encryption between them. I installed skip-1.0 from the FBSD port >collection and did a pkgadd of the Solaris skip-1.1 from >http://skip.incog.com/. > >Unfortunately, it seems they don't share any crypto algorithms. Am I >out of luck? If so, what non-skip alternatives might I have? > >thanks! >-david. > >On FreeBSD (Skip 1.0): ># skipstat -C > >Cryptographic algorithms (SKIP version 1): >Crypto Module Id: 1 Crypto Name: DES-CBC >Crypto Module Id: 10 Crypto Name: simplecrypt > >Cryptographic algorithms (SKIP): >Crypto Module Id: 1 Crypto Name: DES-CBC >Crypto Module Id: 2 Crypto Name: DES-EDE-K3 >Crypto Module Id: 241 Crypto Name: Safer-128SK-CBC >Crypto Module Id: 252 Crypto Name: simplecrypt > >MAC algorithms (SKIP): >MAC Module Id: 1 MAC Name: MD5 > >On Solaris (Skip 1.1): ># skipstat -C > >Cryptographic algorithms (SKIP version 1): >Crypto Module Id: 2 Crypto Name: RC2-40 >Crypto Module Id: 3 Crypto Name: RC4-40 > >Cryptographic algorithms (SKIP): >Crypto Module Id: 240 Crypto Name: RC4-40 >Crypto Module Id: 242 Crypto Name: RC2-40 > >MAC algorithms (SKIP): >MAC Module Id: 1 MAC Name: MD5 > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message