src - OpenBSD base system

diff options


context:
space:
mode:

author	Angelos D. Keromytis <angelos@cvs.openbsd.org>	2000-10-09 22:21:42 +0000
committer	Angelos D. Keromytis <angelos@cvs.openbsd.org>	2000-10-09 22:21:42 +0000
commit	9d000f77a014c92c9f8906d9d8d42d2c4b05583f (patch)
tree	d65ecbee58f8b690c141b79bae3c722f70e83466 /sbin/ipsecadm
parent	dd8a2708728ea2f23889c616e8d0e8a2d0b86582 (diff)

AES.

Diffstat (limited to 'sbin/ipsecadm')

-rw-r--r--

sbin/ipsecadm/ipsecadm.8

-rw-r--r--

sbin/ipsecadm/ipsecadm.c

2 files changed, 11 insertions, 6 deletions

diff --git a/sbin/ipsecadm/ipsecadm.8 b/sbin/ipsecadm/ipsecadm.8
index a30a83dcf1a..e6717e207df 100644
--- a/sbin/ipsecadm/ipsecadm.8
+++ b/sbin/ipsecadm/ipsecadm.8

@@ -1,4 +1,4 @@

-.\" $OpenBSD: ipsecadm.8,v 1.31 2000/09/29 19:10:08 angelos Exp $

+.\" $OpenBSD: ipsecadm.8,v 1.32 2000/10/09 22:21:41 angelos Exp $

.\"

@@ -331,14 +331,17 @@ This is available for both old and new esp.

Notice that hardware crackers for DES can be (and have been) built for

US$250,000 (in 1998).

Use DES for encryption of critical information at your own risk.

-We suggest using 3DES instead.

+We suggest using 3DES or AES instead.

DES support is kept for interoperability

(with old implementations) purposes only.

See

.Xr des_cipher 3 .

.It Nm 3des

This is available for both old and new esp.

-It is considered more secure than straight DES, since it uses larger keys.

+It is considered more secure than straight DES, since it uses larger

+keys.

+.It Nm aes

+Rijndael encryption is available only in new esp.

.It Nm blf

Blowfish encryption is available only in new esp.

See

@@ -370,10 +373,11 @@ and

.Nm 3des

is fixed to 8 and 24 respectively.

For other ciphers like

-.Nm cast

+.Nm cast ,

+.Nm aes ,

.Nm blf

-the key length can be variable.

+the key length can vary (depending on the algorithm).

The

.Nm key

should be given in hexadecimal digits.

diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c
index fe23f172aca..b68431a8f60 100644
--- a/sbin/ipsecadm/ipsecadm.c
+++ b/sbin/ipsecadm/ipsecadm.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ipsecadm.c,v 1.44 2000/09/29 19:06:53 angelos Exp $ */

+/* $OpenBSD: ipsecadm.c,v 1.45 2000/10/09 22:21:41 angelos Exp $ */

* The authors of this code are John Ioannidis (ji@tla.org),

* Angelos D. Keromytis (kermit@csd.uch.gr) and

@@ -91,6 +91,7 @@ typedef struct {

transform xf[] = {

{"des", SADB_EALG_DESCBC, XF_ENC |ESP_OLD|ESP_NEW},

{"3des", SADB_EALG_3DESCBC, XF_ENC |ESP_OLD|ESP_NEW},

+ {"aes", SADB_X_EALG_AES, XF_ENC |ESP_NEW},

{"blf", SADB_X_EALG_BLF, XF_ENC | ESP_NEW},

{"cast", SADB_X_EALG_CAST, XF_ENC | ESP_NEW},

{"skipjack", SADB_X_EALG_SKIPJACK, XF_ENC | ESP_NEW},