Re: linux-ipsec: problems, part 3

-----BEGIN PGP SIGNED MESSAGE----- To: Richard Guy Briggs <rgb@conscoop.flora.org> Subject: Re: linux-ipsec: problems, part 3 Cc: henry@zoo.utoronto.ca, linux-ipsec@clinet.fi Date: 03/05/98, 14:27:40

In message <199803051839.NAA22967@conscoop.flora.org>, Richard Guy Briggs write s:
>Which command is this 'feature' used in?

Any command that takes a key, I believe.

>It looks as though the whole key is used for generating the 3 des keys,
>the iv (for constant IV), the HMAC key and ipad and rpad which I assume
>are initiator and responder related, all hashed.

Oh. That. So there's probably a very ugly s&d mechanism in there, which needs to be completely removed.

>This is (admittedly) new territory. This code looks quite deliberate
>so I assume it is either done on purpose or borrowed. It is quite
>different from the OpenBSD code and the description in rfc2104.

Yes. That code is ancient.

• -Angelos

-----BEGIN PGP SIGNATURE-----

Version: 2.6.3i
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

iQCVAwUBNP78rL0pBjh2h1kFAQEm8AQAkeC+gn+wkRanG5oJhlaDGrbDmcBeh8pQ wcD8Xg5t2KG2O/jtOeTqxyy1lO3ETz+Rzd36m7OsxgpckvCEPG3Tx96rid0NalEh 0LNNhuVWGyTbrRp+RKQUQWyZI1yj7mrhVvxTDJDakI8e1d2v7RBale17UONEPCZp mAJoulYp9fo=
=IV53
-----END PGP SIGNATURE----- Received on Thu Mar 5 14:42:14 1998