64 characters, 6 minimum characters, at least 4 different characters
-GS
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Mark
Senior
Sent: Thursday, May 24, 2007 4:02 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] VPN/PSK length
That's a 2048 bit DH group, not a preshared key.
The PSK is hashed along with a nonce, using either MD5 (128 bit hash)
or SHA1 (160 bit hash). So, the actual data that is compared is
either 128 or 160 bits. The PSK itself is not limited by any facet if
the IKE standard, just by implementation, since it will always be
hashed up or down to 128 or 160 bits.
All that, and I'm afraid I don't know what the max PSK length
supported by NGX is.
Regards
Mark
On 5/24/07, cisco4ng wrote:
> yes,
>
> for NGx, it is DH-Group14 which is 2048 bits.
>
> "Robers, Tom" wrote: Hi all,
>
> Does anyone know the maximum length for a PSK; we want to configure a
> VPN with an external gateway using pre-shared secret.
>
> Thanks
> Tom
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
>
>
> ---------------------------------
> Get the free Yahoo! toolbar and rest assured with the added security
of spyware protection.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
