author: Theo de Raadt <deraadt@cvs.openbsd.org> 1999-02-17 20:39:18 +0000
committer: Theo de Raadt <deraadt@cvs.openbsd.org> 1999-02-17 20:39:18 +0000
commit: de8241fbb83208983b5c2484bd72cde3f3a4f6fc
tree: 245020eeb9cbc7c4e5652fc1c7935bf74cb54763 /sbin/ipsecadm
parent: e69c99c22ea6c6485ca410ac27ade91af6b924bc
ipsec skipjack, based on free .fi code (some .gov type will test this for me)
Diffstat (limited to 'sbin/ipsecadm')
-rw-r--r-- sbin/ipsecadm/ipsecadm.1 27
-rw-r--r-- sbin/ipsecadm/ipsecadm.c 3
2 files changed, 19 insertions, 11 deletions
diff --git a/sbin/ipsecadm/ipsecadm.1 b/sbin/ipsecadm/ipsecadm.1
index fc37425bae0..df62a8acbe2 100644
--- a/sbin/ipsecadm/ipsecadm.1
+++ b/sbin/ipsecadm/ipsecadm.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsecadm.1,v 1.6 1999/02/09 21:13:06 kjell Exp $
+.\" $OpenBSD: ipsecadm.1,v 1.7 1999/02/17 20:39:16 deraadt Exp $
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
@@ -174,19 +174,26 @@ For new ESP, specify new style self-describing padding should be used.
.It enc
The encryption algorithm to be used with the SPI. Possible values
are:
-.Nm des
-and
-.Nm 3des
-for both old and new esp.
+.Bl -tag -width skipjack
+.It Nm des
+This is available for both old and new esp.
Notice that hardware crackers for DES can be (and have been) built for
US$250,000. Use DES for encryption of critical information at your risk.
We suggest using of 3DES instead. The DES support is kept for interoperability
(with old implementations) purposes only.
-Blowfish encryption
-.Nm blf
-and
-.Nm cast
-can only be used with new esp.
+.It Nm 3des
+This is available for both old and new esp. It is more considered to be
+more secure than straight DES, since it uses larger keys.
+.It Nm blf
+Blowfish encryption is available only in new esp.
+.It Nm cast
+CAST encryption is available only in new esp.
+.It Nm skipjack
+SKIPJACK encryption is available only in new esp. This algorithm designed
+by the NSA is faster than 3DES. However, since it was designed by the NSA
+it is a poor choice.
+.El
+.Pp
.It auth
The authentication algorithm to be used with the SPI. Possible values
are:
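Review bot: The added `.It Nm 3des` entry has a doubled word in "It is more considered to be more secure"; drop the first "more". In the `.It Nm skipjack` entry, "since it was designed by the NSA it is a poor choice" gives the reader nothing to weigh, whereas the des and 3des entries argue from cracking cost and key size. State the key length or another technical reason in the same way, so the three entries can be compared on the same terms.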
diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c
index 4f643c80ef4..1930fdc1b3b 100644
--- a/sbin/ipsecadm/ipsecadm.c
+++ b/sbin/ipsecadm/ipsecadm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecadm.c,v 1.2 1999/02/13 00:19:48 angelos Exp $ */
+/* $OpenBSD: ipsecadm.c,v 1.3 1999/02/17 20:39:16 deraadt Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -103,6 +103,7 @@ transform xf[] = {
{"3des", ALG_ENC_3DES, XF_ENC |ESP_OLD|ESP_NEW},
{"blf", ALG_ENC_BLF, XF_ENC | ESP_NEW},
{"cast", ALG_ENC_CAST, XF_ENC | ESP_NEW},
+ {"skipjack", ALG_ENC_SKIPJACK, XF_ENC | ESP_NEW},
{"md5", ALG_AUTH_MD5, XF_AUTH|AH_OLD|AH_NEW|ESP_NEW},
{"sha1", ALG_AUTH_SHA1,XF_AUTH|AH_OLD|AH_NEW|ESP_NEW},
{"rmd160", ALG_AUTH_RMD160, XF_AUTH|AH_NEW|ESP_NEW},
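Review bot: The new `xf[]` entry depends on `ALG_ENC_SKIPJACK`, which neither file in this view defines. The diffstat is limited to sbin/ipsecadm, so confirm that the header defining the constant and the matching ESP transform land in the same commit; otherwise this table either fails to build or accepts "skipjack" for a cipher the kernel cannot provide. The flags `XF_ENC | ESP_NEW` do match the man page text "available only in new esp", so the two files are consistent with each other.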