Date: Fri, 22 Dec 2000 15:40:15 -0600 (CST) From: Keith Ray <aphex@nullify.org> To: freebsd-security@freebsd.org Subject: IPSec + Racoon: pre-shared key length Message-ID: <977521215.3a43ca3fea068@nullify.org>
next in thread | raw e-mail | index | archive | help
I have finally been able to get Windows 2000 and FreeBSD to talk using IPSec + ISAKMP. However, I am not sure what the appropriate length of the pre-shared key should be. The best I could come up with is as follows: Use a password generator that creates passwords with upper/lower case letters and numbers. This gives me 62 possible combinations. 3DES uses 192-bit keys for a keyspace of 2^192. So the problem is 62^x = 2^192. Take the log of both sides and divide to get: 32.2. Therefor, a 33 length password should provide a slightly greater keyspace to search than the 3DES keyspace. Am I doing this correctly? Also, if neither machine is compromised, is there any reason to change keys periodically since I am using IKE? -------------------------------------------------------------------- Keith Ray aphex@nullify.org http://www.nullify.org PGP - 0xAE1B3529 - 8227 60E5 BAA5 9461 CAB3 A6F2 4DFE F573 AE1B 3529 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?977521215.3a43ca3fea068>