[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pre-shared key v RSA encryption or RSA signature authentication modes
At 12:05 PM 3/21/2002 -0500, Uri Blumenthal wrote:
>A good point, certainly. But I don't see all that much in
>common between, say, Unix passwords and IPsec pre-shared
>keys.
>
>IPsec implementations I'm aware of, don't take an ASCII
>password, but require a reasonably long key.
Nearly all commercial IPsec implementations allow users to enter in ASCII
passwords as preshared keys and none of them enforce or even have
mechanisms to enforce complicated preshared keys.
A few implementations (Avaya, was VPNet, comes to mind) will generate long
complicated preshared keys for the user. But even then a user can manually
enter a simple preshared key and shoot themselves in the foot.
mike
_______________________________
Mike Fratto
Senior Technology Editor
Network Computing
001 Machinery Hall
Syracuse, NY 13244
_______________________________