Date: Fri, 22 Dec 2000 15:40:15 -0600 (CST)
From: Keith Ray <aphex@nullify.org>
To: freebsd-security@freebsd.org
Subject: IPSec + Racoon: pre-shared key length
Message-ID: <977521215.3a43ca3fea068@nullify.org>

I have finally been able to get Windows 2000 and FreeBSD to talk using IPSec +
ISAKMP. However, I am not sure what the appropriate length of the pre-shared
key should be. The best I could come up with is as follows:

Use a password generator that creates passwords with upper/lower case letters
and numbers. This gives me 62 possible combinations. 3DES uses 192-bit keys
for a keyspace of 2^192. So the problem is 62^x = 2^192. Take the log of both
sides and divide to get: 32.2. Therefore, a 33 length password should provide a
slightly greater keyspace to search than the 3DES keyspace.

Am I doing this correctly? Also, if neither machine is compromised, is there
any reason to change keys periodically since I am using IKE?
--------------------------------------------------------------------
Keith Ray aphex@nullify.org
http://www.nullify.org
PGP - 0xAE1B3529 - 8227 60E5 BAA5 9461 CAB3 A6F2 4DFE F573 AE1B 3529
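
The calculation in the message above, carried through as an added example (not part of the original post): it solves alphabet_size^x >= 2^target_bits with exact integer arithmetic, generalizes from the 62-symbol case to other alphabets, and draws the key from the operating system's CSPRNG. The function names, the 192.0.2.1 peer address and the one-line "peer key" layout for racoon's pre-shared key file are assumptions made for illustration.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # 62 symbols, as in the message


def min_length(alphabet_size: int, target_bits: int) -> int:
    """Smallest x with alphabet_size**x >= 2**target_bits (exact integers)."""
    if alphabet_size < 2 or target_bits < 1:
        raise ValueError("need alphabet_size >= 2 and target_bits >= 1")
    x, space, goal = 0, 1, 1 << target_bits
    while space < goal:
        space *= alphabet_size
        x += 1
    return x


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def generate_psk(target_bits: int = 192, alphabet: str = ALNUM) -> str:
    """Draw each character independently and uniformly from the OS CSPRNG."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet contains duplicate symbols")
    n = min_length(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(n))


def psk_line(peer: str, key: str) -> str:
    """One 'peer key' line (assumed layout of the pre-shared key file)."""
    return f"{peer} {key}"


if __name__ == "__main__":
    # 192 is the target used in the message; any other target can be passed.
    for name, size in (("hex", 16), ("alnum", 62), ("printable", 94)):
        n = min_length(size, 192)
        bits = entropy_bits(size, n)
        print(f"{name:9} {size:3} symbols -> {n} chars ({bits:.1f} bits)")
    print(psk_line("192.0.2.1", generate_psk()))  # constructed peer address
```

The length only translates into that much keyspace if every character is chosen uniformly at random; a memorable phrase of the same length has far less entropy.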
