Janis Lacis wrote:
> 
> I am having a problem trying to implement IPSec tunnel between CISCO IPSec
> IOS and Checkpoint Firewall-1 V4.0. It turned out that CISCO has 56 bit DES
> but Checkpoint has only 40 bit DES.

I might be speaking out of my arse here, but I have the distinct
recollection that there is no such thing as 40 bit DES; the 
algorithm is firmly super-glued to the idea of keys of 56 bit length.

Am I wrong?

If I'm right, you might want to take a look at what algorithms are 
actually used by FW-1; are you sure it's DES and not some other RCx 
algorithm, IDEA, Blowfish or something?

It _could_ however be the case that the Checkpoint implementation
has crippled DES by only allowing the first 40 bits to change,
and having the last 16 bits static (all 0s?). Sounds a wee bit
like key escrowing to me, but you never know. (NOTE: I'm not 
an FW-1 user myself; this is only wild unfounded speculation.)

/Mike

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]