On 10/03/2010 12:35 PM, Christoph Anton Mitterer wrote: > Hi. > > On Sun, 03 Oct 2010 12:26:13 +0200, Andreas Steffen > <[email protected]> wrote: >> IKEv2 support for the AEAD modes CCM and GCM will be introduced >> with the forthcoming strongSwan release 4.5.0. > Ah :D I couldn't just believe that the Wiki is so current :) > > Is there some kind of security analysis which of the supported ones is > "best"? I haven't found a security analysis for the AEAD modes yet.
> And isn't it overkill to an authenticating and encrypting cipher, because > I thought authentication would (in addition) be already gained by the e.g. > sha1 part? > In the statement ike = aes256gcm128-sha512-modp2048 sha512 is not used for the integrity function but for the pseudo random function (PRF). strongSwan usually does not allow the PRF function to be chosen differently from the data integrity function but with AEAD there is a need to do so. > > Cheers, > Chris. Regards Andreas ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
