[strongSwan] A few questions about ciphers

Raoul Duke rduke496 at gmail.com
Tue Dec 2 02:48:47 CET 2014


PS - the resource I was referring to was this one:

https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection

On Tue, Dec 2, 2014 at 1:48 AM, Raoul Duke <rduke496 at gmail.com> wrote:
> Hi,
>
> A couple of questions about ciphers.
>
> According to this resource:
>
> * the default for esp is: aes128-sha1,3des-sha1.
> * the default for ike is: aes128-sha1-modp2048,3des-sha1-modp1536
>
> When I log configured proposals for ESP (on a connection client) I see:
>
> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
>
> The first 2 seem to jibe with the documentation.  But what is the big
> long third option?  Is this some kind of wildcard/fall-through?
>
> I see something similar for IKE:
>
> configured proposals:
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192
>
> Again - the first 2 agree with the doc but then there is the longish
> third option.  Can you please give some info on the third option?
>
> 2] for an IOS client I noticed that the following proposal:
>
> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ,
> ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ,
> ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ
>
> Which ended up in the following selection (based on the default settings):
>
> ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
>
> If I wanted to enable the 256 version of the above would I do something like:
>
> esp=aes256-sha1!
>
> Is there any specific reason that the defaults are 128 and not 256?
> it seems like 256 is thought of as being more secure (when users go
> off and read some basic stuff about key sizes and form the conclusion
> that 256 is better based on scare story factoids).  To what extent is
> the choice of default a speed vs security trade-off?  Or a backwards
> compatibility one?
>
> Also - what is the significance of the SHA1 part of the cipher.
> Again, I have recently had the experience that SHA1 is no longer
> recommended when making certificates.  Is that a relevant factor here?
>  I guess what I'm really asking is: what is the hash used for in this
> case.  In any case it seems like SHA1 is all the IOS device proposes
> so the decision is not in my hands.
>
> As a general question: ESP is data traffic and IKE is
> control/management traffic,  right?  To what extent is the choice of
> ciphers important to one vs the other?
>
> Forgive if any of these questions seem overly generic or lacking in
> context - I'm just trying to educate my users with a statement on the
> strength of the encryption and reassure them about the choice of key
> sizes.
>
> Thanks.


More information about the Users mailing list