Re: pre-shared key v RSA encryption or RSA signature authentication modes

[Mike Fratto <mfratto@nwc.com>]

At 12:05 PM 3/21/2002 -0500, Uri Blumenthal wrote:
>A good point, certainly. But I don't see all that much in
>common between, say, Unix passwords and IPsec pre-shared
>keys.
>
>IPsec implementations I'm aware of, don't take an ASCII
>password, but require a reasonably long key.

Nearly all commercial IPsec implementations allow users to enter in ASCII 
passwords as preshared keys and none of them enforce or even have 
mechanisms to enforce complicated preshared keys.

A few implementations (Avaya, was VPNet, comes to mind) will generate long 
complicated preshared keys for the user. But even then a user can manually 
enter a simple preshared key and shoot themselves in the foot.

mike

_______________________________ 

Mike Fratto
Senior Technology Editor
Network Computing
001 Machinery Hall
Syracuse, NY  13244
_______________________________