Ethereal-users: Re: [Ethereal-users] 0.99 ESP protocol preferences

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 12 Jun 2006 15:49:09 -0700

On Jun 12, 2006, at 2:09 PM, Chris Flory wrote:


Ok, I see a problem, it appears I am limited to what I can use as an
encryption/algorithm option.


At least according to the comments in packet-ipsec.c, your choices are:

	NULL
	TripleDES-CBC [RFC2451] : keylen 192 bits.
	AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining 32 bits will be used as nonce. 
	DES-CBC [RFC2405] : keylen 64 bits
	BLOWFISH-CBC : keylen 128 bits.
	TWOFISH-CBC : keylen 128/256 bits.

(that's just cut-and-pasted from the comment).


I am using ESP/MD5/HMAC-128 for my authenticaton,


For authentication, the comment says:

	NULL
	HMAC-SHA1-96 [RFC2404] : any keylen
	HMAC-MD5-96 [RFC2403] : any keylen
	HMAC-SHA256 : any keylen
and says that AES-XCBC-MAC-96 [RFC3566] is "Not available because no implementation found." 


and 3DES-168 for encryption on IPSec.
The only 3DES I see in the first list is 3DES-CBC with a 192-bit key length; is 168 the key length you're using? 

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users