Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 11 Jan 2001 10:22:03 +0800
From:      Erwan Arzur <erwan@netvalue.com>
To:        Roman Shterenzon <roman@xpert.com>
Cc:        Keith Ray <aphex@nullify.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: IPSec + Racoon: pre-shared key length
Message-ID:  <3A5D18CB.5DE21EDA@netvalue.com>
References:  <Pine.LNX.4.30.0012251006200.368-100000@jamus.xpert.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Roman Shterenzon wrote:
> 
> Could you post to the list or on the web the complete procedure?
> Otherwise people will have to reinvent the wheel next time...
> 
> On Fri, 22 Dec 2000, Keith Ray wrote:
> 
> > I have finally been able to get Windows 2000 and FreeBSD to talk using IPSec +
> > ISAKMP.  However, I am not sure what the appropriate length of the pre-shared
> > key should be.  The best I could come up with is as follows:
> >
> > Use a password generator that creates passwords with upper/lower case letters
> > and numbers.  This gives me 62 possible combinations.  3DES uses 192-bit keys
> > for a keyspace of 2^192.  So the problem is 62^x = 2^192.  Take the log of both
> > sides and divide to get: 32.2.  Therefor, a 33 length password should provide a
> > slightly greater keyspace to search than the 3DES keyspace.
> >
> > Am I doing this correctly?  Also, if neither machine is compromised, is there
> > any reason to change keys periodically since I am using IKE?
> >

jot ?

$ jot -r -w %.2x -s "" 24 
3d5e13031a1b3f3f05216158381e5b5e151f550f5637110c
--
Erwan Arzur
NetValue ltd.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A5D18CB.5DE21EDA>