Date: Thu, 11 Jan 2001 11:32:03 +0900 From: itojun@iijlab.net To: Erwan Arzur <erwan@netvalue.com> Cc: Roman Shterenzon <roman@xpert.com>, Keith Ray <aphex@nullify.org>, freebsd-security@FreeBSD.ORG Subject: Re: IPSec + Racoon: pre-shared key length Message-ID: <21707.979180323@coconut.itojun.org> In-Reply-To: erwan's message of Thu, 11 Jan 2001 10:22:03 %2B0800. <3A5D18CB.5DE21EDA@netvalue.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> > Use a password generator that creates passwords with upper/lower case letters >> > and numbers. This gives me 62 possible combinations. 3DES uses 192-bit keys >> > for a keyspace of 2^192. So the problem is 62^x = 2^192. Take the log of both >> > sides and divide to get: 32.2. Therefor, a 33 length password should provide a >> > slightly greater keyspace to search than the 3DES keyspace. >> > >> > Am I doing this correctly? Also, if neither machine is compromised, is there >> > any reason to change keys periodically since I am using IKE? preshared keys are not directly related to IPsec key length, preshared keys are just for authenticating IKE daemon at the other end. so key length argument (above) may not be 100% right... itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21707.979180323>