|
EtherealRE: [Ethereal-users] 0.99 ESP protocol preferences |
|
||
|
|
EtherealRE: [Ethereal-users] 0.99 ESP protocol preferences |
|
||
Guy, Thanks for your response. Yeah, my keylen for 3DES-CBC is 168, as it should be with 3x56 bits. But, according to RFC2451, it takes into account an extra 24 bits for parity. I can only do 3DES-168 on my Cisco Concentrator and/or Cisco router. So, essentially, I am SOL, unless someone knows how to not make it account for parity. Thanks again for your help gentlemen! -Chris -----Original Message----- From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Guy Harris Sent: Monday, June 12, 2006 5:49 PM To: Ethereal user support Subject: Re: [Ethereal-users] 0.99 ESP protocol preferences On Jun 12, 2006, at 2:09 PM, Chris Flory wrote: > Ok, I see a problem, it appears I am limited to what I can use as an > encryption/algorithm option. At least according to the comments in packet-ipsec.c, your choices are: NULL TripleDES-CBC [RFC2451] : keylen 192 bits. AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits. AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining 32 bits will be used as nonce. DES-CBC [RFC2405] : keylen 64 bits BLOWFISH-CBC : keylen 128 bits. TWOFISH-CBC : keylen 128/256 bits. (that's just cut-and-pasted from the comment). > I am using ESP/MD5/HMAC-128 for my authenticaton, For authentication, the comment says: NULL HMAC-SHA1-96 [RFC2404] : any keylen HMAC-MD5-96 [RFC2403] : any keylen HMAC-SHA256 : any keylen and says that AES-XCBC-MAC-96 [RFC3566] is "Not available because no implementation found." > and 3DES-168 for encryption on IPSec. The only 3DES I see in the first list is 3DES-CBC with a 192-bit key length; is 168 the key length you're using? _______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users
Powered by MHonArc 2.6.10