Linux/Mac IPsec into Contivity?

John E. Horton jehorton at erols.com
Fri Nov 19 23:33:32 EST 1999


FYI.

There are 2 key 3DES and 3 Key 3DES.

If I recall correctly, 2 key 3DES ( A = C, B != A & B != C) has a key space 
of 112 bits (2 x 56), with an effective key space of ~80 bits.

3 Key 3DES (A != B, B != C, A != C) has a key space of 168 bits (3 x 56) 
with an effective key space of ~112 bits.

According to Applied Cryptography, Inner-CBC or Outer-CBC Mode (pg. 360) 
can be applied to triple key encryption algorithms.

Cheers.

At 01:23 PM 11/18/99 -0500, Michael H. Warfield wrote:
>On Thu, Nov 18, 1999 at 07:55:05AM -0800, Chris Carlson wrote:
> > Ken,
>
> > Yes, the Linux Free S/WAN is IPSec.  It definitely
> > supports 56-bit DES, not sure about 168-bit 3-DES.
>
>         No...  It doesn't support 56 bit DES any more.  They removed that
>support after DES was broken repeatedly and proven too insecure.  They
>refuse to even make it easy to put it back in (although, technically you
>can do the same job with 3des where the keys are identical - the 3des/des
>compatibility mode in the cypher).  They definitely support 3des with
>112 bit keys.  Don't know if they have full 3des where all three keys
>are independent (168 bit keys).  The 112 bit variant, you encrypt with
>the first key, decrypt with the second key, and then encrypt again with
>the first key (EDE mode).  That's algorithmically equivalent to des if
>both 56 bit keys are the same.  That's normally what's referred to when
>someone simply mentions 3DES (the 112 bit variant, that is).
>
>         Reference:  Applied Cryptography, 2nd ed, Bruce Schneier, pp 359
>
> > Chris
> > --
> >
> > --- "Chen, Ken C" <ken.c.chen at lmco.com> wrote:
> > > Does the Linux client create an IPsec tunnel?
> > >
> > >
> > > -----Original Message-----
> > > From: Chris Carlson [mailto:carlsonmail at yahoo.com]
> > > Sent: Tuesday, November 09, 1999 4:37 PM
> > > To: David Mostardi; vpn at listserv.secnetgroup.com
> > > Subject: Re: Linux/Mac IPsec into Contivity?
> > >
> > >
> > > David,
> > >
> > > You have a couple of (limited) options:
> > >
> > > 1) Use a PPTP or L2TP client for Macintosh.  Network
> > > Telesystems (www.nts.com) makes such a client.
> > >
> > > 2) Linux can use Free S/WAN to tunnel to the
> > > Contivity, but it creates a branch office tunnel, and
> > > not an end-user tunnel.  I think you must turn off
> > > Perfect Forward Secrecy on Contivity v2.50 for this to
> > > work.
> > >
> > >
> > > Hope this helps!
> > > Chris
> > > --
> > >
> > > --- David Mostardi <davidm at mdli.com> wrote:
> > > > I've got a BayNetworks/Nortel Contivity 1500 box.
> > > > The IPsec client that comes with it only supports
> > > > Win95/Win98/WinNT.  I've got users who want to get in
> > > > through Linux or Macintosh.  Has anyone successfully
> > > > gotten into Contivity over these platforms?
> > > >
> > > > TIA,
> > > >
> > > > ------------------------------------------------------------------------
> > > > David Mostardi                            Web:   http://www.mdli.com
> > > > Unix Systems Manager                      Email: davidm at mdli.com
> > > > MDL Information Systems, Inc.             Voice: (510) 357-2222 x1420
> > > > 14600 Catalina St., San Leandro CA 94577  Fax:   (510) 352-2870
> > > >
> > > >       -- "When in danger or in doubt, run in circles, scream and shout"
> > > >
> > >
> > > =====
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Bid and sell for free at http://auctions.yahoo.com
> > >
> > >
> > ****************************************************************
> > > TO POST A MESSAGE on this list, send it to
> > > vpn at listserv.secnetgroup.com
> > >
> > > The VPN FAQ (under construction) is available at
> > > http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
> > >
> > > We are currently experiencing "unsubscribe"
> > > difficulties.  If you
> > > wish to unsubscribe, please send a message
> > > containing the single line
> > > "unsubscribe vpn your-e-mail-address" to
> > > owner-vpn at listserv.secnetgroup.com
> > >
> > >
> > ****************************************************************
>
>--
>  Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
>   (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
>   NIC whois:  MHW9      |  An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
>
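
Added example (not part of the original messages): a check that classifies a 3DES key bundle as 3-key, 2-key or single-DES-equivalent after ignoring DES parity bits, and shows the EDE collapse discussed in the thread. DES itself is not implemented; a toy Feistel cipher stands in for it, and all keys, names and the sample block are constructed for illustration.

```python
import hashlib

def strip_parity(key8: bytes) -> int:
    """56 effective bits of an 8-byte DES key: drop each byte's low (parity) bit."""
    if len(key8) != 8:
        raise ValueError("DES keys are 8 bytes")
    value = 0
    for b in key8:
        value = (value << 7) | (b >> 1)
    return value

def classify_bundle(k1: bytes, k2: bytes, k3: bytes):
    """Return (keying option, nominal key bits) for an EDE key bundle."""
    a, b, c = strip_parity(k1), strip_parity(k2), strip_parity(k3)
    if a == b or b == c:          # adjacent E and D under the same key cancel
        return ("single-DES-equivalent", 56)
    if a == c:
        return ("2-key", 112)
    return ("3-key", 168)

# Toy 64-bit Feistel cipher standing in for DES (NOT DES, illustration only).
def _f(key: bytes, rnd: int, half: int) -> int:
    material = strip_parity(key).to_bytes(7, "big") + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(material).digest()[:4], "big")

def toy_crypt(key: bytes, block: int, decrypt: bool = False, rounds: int = 4) -> int:
    left, right = block >> 32, block & 0xFFFFFFFF
    for i in (reversed(range(rounds)) if decrypt else range(rounds)):
        if decrypt:
            left, right = right ^ _f(key, i, left), left
        else:
            left, right = right, left ^ _f(key, i, right)
    return (left << 32) | right

def ede_encrypt(k1: bytes, k2: bytes, k3: bytes, block: int) -> int:
    """Encrypt with k1, decrypt with k2, encrypt with k3 (EDE)."""
    return toy_crypt(k3, toy_crypt(k2, toy_crypt(k1, block), decrypt=True))

# Constructed sample keys and block.
K_A = bytes.fromhex("0123456789abcdef")
K_B = bytes.fromhex("fedcba9876543210")
K_C = bytes.fromhex("89abcdef01234567")
K_A_PARITY = bytes(b ^ 1 for b in K_A)   # differs from K_A only in parity bits
BLOCK = 0x0011223344556677

if __name__ == "__main__":
    for bundle in ((K_A, K_B, K_C), (K_A, K_B, K_A), (K_A, K_A_PARITY, K_B)):
        print(classify_bundle(*bundle))
    print(ede_encrypt(K_A, K_A, K_A, BLOCK) == toy_crypt(K_A, BLOCK))
```

A bundle whose adjacent keys differ only in parity bits is flagged as single-DES-equivalent, which a byte-for-byte comparison of the keys would miss.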