[strongSwan] many cipher/hash modes seems to be unavailable

Andreas Steffen andreas.steffen at strongswan.org
Sun Oct 3 13:30:11 CEST 2010


On 10/03/2010 12:35 PM, Christoph Anton Mitterer wrote:
> Hi.
>
> On Sun, 03 Oct 2010 12:26:13 +0200, Andreas Steffen
> <andreas.steffen at strongswan.org>  wrote:
>> IKEv2 support for the AEAD modes CCM and GCM will be introduced
>> with the forthcoming strongSwan release 4.5.0.
> Ah :D I couldn't just believe that the Wiki is so current :)
>
> Is there some kind of security analysis which of the supported ones is
> "best"?
I haven't found a security analysis for the AEAD modes yet.

> And isn't it overkill to an authenticating and encrypting cipher, because
> I thought authentication would (in addition) be already gained by the e.g.
> sha1 part?
>
In the statement

ike = aes256gcm128-sha512-modp2048

sha512 is not used for the integrity function but for the pseudo
random function (PRF). strongSwan usually does not allow the PRF 
function to be chosen differently from the data integrity function
but with AEAD there is a need to do so.

>
> Cheers,
> Chris.

Regards

Andreas

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list