Guy,
Thanks for your response.
Yeah, my keylen for 3DES-CBC is 168, as it should be with 3x56 bits. But,
according to RFC2451, it takes into account an extra 24 bits for parity.
I can only do 3DES-168 on my Cisco Concentrator and/or Cisco router. So,
essentially, I am SOL, unless someone knows how to not make it account for
parity.
Thanks again for your help gentlemen!
-Chris
-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Monday, June 12, 2006 5:49 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] 0.99 ESP protocol preferences
On Jun 12, 2006, at 2:09 PM, Chris Flory wrote:
> Ok, I see a problem, it appears I am limited to what I can use as an
> encryption/algorithm option.
At least according to the comments in packet-ipsec.c, your choices are:
NULL
TripleDES-CBC [RFC2451] : keylen 192 bits.
AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining 32 bits
will be used as nonce.
DES-CBC [RFC2405] : keylen 64 bits
BLOWFISH-CBC : keylen 128 bits.
TWOFISH-CBC : keylen 128/256 bits.
(that's just cut-and-pasted from the comment).
> I am using ESP/MD5/HMAC-128 for my authenticaton,
For authentication, the comment says:
NULL
HMAC-SHA1-96 [RFC2404] : any keylen
HMAC-MD5-96 [RFC2403] : any keylen
HMAC-SHA256 : any keylen
and says that AES-XCBC-MAC-96 [RFC3566] is "Not available because no
implementation found."
> and 3DES-168 for encryption on IPSec.
The only 3DES I see in the first list is 3DES-CBC with a 192-bit key
length; is 168 the key length you're using?
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
