[strongSwan] Regarding Key Generation in strongswan 4.2.8
Bhatt, Rakshesh 1. (NSN - IN/Bangalore)
rakshesh.1.bhatt at nsn.com
Sun Sep 7 20:34:48 CEST 2014
Thanks for the quick response! My system has QNX. Maybe I'll check QNX manuals to find this out. Would you know if QNX entropy pool includes clock-source? When I change the clock-source, the IPSEC tunnel goes for a toss because it seems that the keys are no more aligned between client and server!
From: ext Andreas Steffen [mailto:andreas.steffen at strongswan.org]
Sent: Sunday, September 07, 2014 10:44 PM
To: Bhatt, Rakshesh 1. (NSN - IN/Bangalore); users at lists.strongswan.org
Subject: Re: [strongSwan] Regarding Key Generation in strongswan 4.2.8
by default strongSwan is using its random plugin to get random
material from the Linux /dev/urandom device. Depending on the system
setup, multiple random sources are feeding into the Linux entropy pool.
You have to check on your system which entropy sources are available.
On 09/07/2014 04:38 PM, Bhatt, Rakshesh 1. (NSN - IN/Bangalore) wrote:
> We are using strongswan version 4.2.8. My question is : Is system time /
> clock-source one of the inputs for the algorithm that generates Child SA
> and IKE keys?
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users