Date: Thu, 11 Jan 2001 10:22:03 +0800
From: Erwan Arzur <erwan@netvalue.com>
To: Roman Shterenzon <roman@xpert.com>
Cc: Keith Ray <aphex@nullify.org>, freebsd-security@FreeBSD.ORG
Subject: Re: IPSec + Racoon: pre-shared key length
Message-ID: <3A5D18CB.5DE21EDA@netvalue.com>
References: <Pine.LNX.4.30.0012251006200.368-100000@jamus.xpert.com>

Roman Shterenzon wrote:
>
> Could you post to the list or on the web the complete procedure?
> Otherwise people will have to reinvent the wheel next time...
>
> On Fri, 22 Dec 2000, Keith Ray wrote:
>
> > I have finally been able to get Windows 2000 and FreeBSD to talk using IPSec +
> > ISAKMP. However, I am not sure what the appropriate length of the pre-shared
> > key should be. The best I could come up with is as follows:
> >
> > Use a password generator that creates passwords with upper/lower case letters
> > and numbers. This gives me 62 possible combinations. 3DES uses 192-bit keys
> > for a keyspace of 2^192. So the problem is 62^x = 2^192. Take the log of both
> > sides and divide to get: 32.2. Therefore, a 33 length password should provide a
> > slightly greater keyspace to search than the 3DES keyspace.
> >
> > Am I doing this correctly? Also, if neither machine is compromised, is there
> > any reason to change keys periodically since I am using IKE?
> >

jot ?

$ jot -r -w %.2x -s "" 24
3d5e13031a1b3f3f05216158381e5b5e151f550f5637110c

--
Erwan Arzur
NetValue ltd.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
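
Added example, not part of the original message or any participant's code: the 62^x = 2^192 sizing from the thread done with exact integer arithmetic, plus a check of how much keyspace a string of N symbols really covers. It also inspects the hex string posted above, whose bytes all fall inside jot's default range of 1 to 100, so 24 such values cover 100^24 (about 2^159) rather than 2^192. The function names and the use of Python's secrets module are choices made for this example.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # the 62-symbol set from the thread
POSTED = "3d5e13031a1b3f3f05216158381e5b5e151f550f5637110c"  # output quoted above


def min_length(alphabet_size, target_bits):
    """Smallest n with alphabet_size**n >= 2**target_bits (integer math, no rounding)."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two symbols")
    n, space = 0, 1
    while space < (1 << target_bits):
        space *= alphabet_size
        n += 1
    return n


def entropy_bits(alphabet_size, length):
    """Bits of keyspace for `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def generate_psk(alphabet, target_bits):
    """Draw a key from the OS CSPRNG, long enough to reach target_bits."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet contains duplicate symbols")
    n = min_length(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(n))


def byte_range(hex_key):
    """Lowest and highest byte value in a hex-encoded key."""
    raw = bytes.fromhex(hex_key)
    return min(raw), max(raw)


if __name__ == "__main__":
    print("62 symbols, 192 bits ->", min_length(62, 192), "characters")
    print("33 alphanumerics     -> %.1f bits" % entropy_bits(62, 33))
    print("24 full-range bytes  -> %.1f bits" % entropy_bits(256, 24))
    print("24 values in 1..100  -> %.1f bits" % entropy_bits(100, 24))
    print("posted key byte range:", byte_range(POSTED))
    print("fresh 62-symbol key  :", generate_psk(ALNUM, 192))
```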