Mark Senior wrote:
That's a 2048 bit DH group, not a preshared key.

The PSK is hashed along with a nonce, using either MD5 (128 bit hash)
or SHA1 (160 bit hash).  So, the actual data that is compared is
either 128 or 160 bits.  The PSK itself is not limited by any facet of
the IKE standard, just by implementation, since it will always be
hashed up or down to 128 or 160 bits.

Any PSK, even something like vEW6xMOCeQ, would be enough for a VPN setup as it's getting hashed anyway. As long as you firewall off udp/500 and proto 50/51 and you can securely exchange the PSK, it's less probable that someone can read your encrypted data.

Yes, I know that there are rainbow tables that can find you the cleartext value for a given hash, but I highly doubt that they precompute silly stuff like my example above at a large scale.
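
The hashing step discussed in this thread, as an added example that is not part of the original messages: RFC 2409 derives SKEYID = prf(pre-shared-key, Ni_b | Nr_b) for pre-shared-key authentication. HMAC over the negotiated hash is assumed as the prf, the nonces are constructed sample values, and the character-class entropy bound is an illustrative assumption.

```python
import hashlib
import hmac
import math
import string

# Constructed sample nonces (IKEv1 nonces are 8 to 256 bytes long).
NI = bytes.fromhex("00112233445566778899aabbccddeeff")
NR = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def skeyid_psk(psk: bytes, ni_b: bytes, nr_b: bytes, hash_name: str) -> bytes:
    """RFC 2409 section 5, PSK auth: SKEYID = prf(psk, Ni_b | Nr_b).
    Assumption: prf is HMAC over the negotiated hash (md5 or sha1)."""
    return hmac.new(psk, ni_b + nr_b, hash_name).digest()

def max_entropy_bits(psk: str) -> float:
    """Upper bound on PSK entropy, assuming every character was drawn
    uniformly at random from the character classes that appear in it."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in psk))
    return len(psk) * math.log2(pool) if pool else 0.0

def effective_bits(psk: str, hash_name: str) -> float:
    """Strength is capped by the smaller of PSK entropy and prf output size."""
    out_bits = hashlib.new(hash_name).digest_size * 8
    return min(max_entropy_bits(psk), out_bits)

def report(psk: str) -> dict:
    """Summarise one PSK under both hashes named in the thread."""
    raw = psk.encode()
    return {
        "md5_len_bits": len(skeyid_psk(raw, NI, NR, "md5")) * 8,
        "sha1_len_bits": len(skeyid_psk(raw, NI, NR, "sha1")) * 8,
        # Same PSK, fresh nonces: the derived value changes per exchange.
        "nonce_dependent": skeyid_psk(raw, NI, NR, "sha1")
                           != skeyid_psk(raw, NR, NI, "sha1"),
        "entropy_upper_bound": round(max_entropy_bits(psk), 1),
        "effective_md5": effective_bits(psk, "md5"),
        "effective_sha1": effective_bits(psk, "sha1"),
    }

if __name__ == "__main__":
    for candidate in ("vEW6xMOCeQ", "ab12" * 16):  # second PSK is constructed
        print(candidate, report(candidate))
```
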
