Re: SKIP and IPSec

From: Valerie Anne Bubb (Valerie.Bubb@Sun.COM)
Date: 01/15/02


Date: Tue, 15 Jan 2002 09:32:45 -0800 (PST)
From: Valerie Anne Bubb <Valerie.Bubb@Sun.COM>
To: focus-sun@securityfocus.com, adam@gmi.com


>Date: Tue, 8 Jan 2002 22:18:11 -0800
>From: adam morley <adam@gmi.com>
>To: focus-sun@securityfocus.com
>
>If memory serves me, when using skip under solaris, the actual encryption keys
>for encrypting the data on the wire are only used for a given period of time,
>then remade. is this also true for IPSec? ie: does IPSec encrypt the data on
>the wire with a rotating key, or does it use the ones specfied in
>/etc/inet/ipseckeyfile.

Adam -

No, IPsec in Solaris 8 (manual keying only) does not encrypt
using a rotating key, but rather the keys specified by you.

IKE (not available in Solaris 8) should take care of this.

Valerie

--
valerie.bubb@sun.com
bubb@bubb.org



Relevant Pages

  • Re: Portable hard drive through airport security?
    ... encrypt using the built-in MS system. ... How do you make sure you export all the keys? ... For example, if you're traveling between offices, simply transferring ... "With AEFSDR (Advanced EFS Data Recovery), ...
    (rec.travel.air)
  • Re: Java Security
    ... (We can pick a private algorithm but decompiling ... Never give encrypt keys on an application. ... give them by phone or letter, or use a SSL http website with the user login, ...
    (comp.lang.java.help)
  • Re: When does repeated encryption linearly affect time to attack it?
    ... key with n bytes of cipher text in time t, ... hash function with known salts S2 and S3 to create keys K' and K''. ... encrypt it with K', take that result and encrypt with K''. ... Would RC4 repeated 3 times with different ...
    (sci.crypt)
  • Re: Is encrypting twice much more secure?
    ... If you aren't doing one of the layering things, or belt-and-braces, or universal re-encryption, then don't double/multiple encrypt - it's usually not the best way to go. ... the lawyer can give his customers the keys and they can get the ... He wants the encrypted source code to be public. ... What I'd do is use two 256-bit block, 256-bit keyed ciphers chosen to be as dissimilar as possible. ...
    (sci.crypt)
  • Re: Encryption software?
    ... TKLM is IBMs recommended ... key manager and serves up keys to whatever hardware that requests them. ... In our environment our Java EKM serves up keys and utilizes RACF as the ... to request keys from the EKM and encrypt the data accordingly. ...
    (bit.listserv.ibm-main)