search for: hmac_sha1

...interval_to_send 10 sec; times_per_send 1; kmp_sa_nego_time_limit 60 sec; ipsec_sa_nego_time_limit 40 sec; kmp_enc_alg { aes256_cbc; 3des_cbc; }; kmp_hash_alg { hmac_sha1; hmac_md5; aes_xcbc; }; kmp_auth_method { dss; }; kmp_dh_group { 1; 2; 5; 14; 15; }; random_pad_content on; random_padlen on; max_padlen 50 bytes; }; };...

Hi folks, At least several endpoints (soft phone and desk phones) are supporting various 256 bit ciphers for SRTP these days. I *believe* libsrtp has been updated to allow this, and that only the code in Asterisk has not been been updated to allow these stronger ciphers. Would anyone with the know-how be willing/able to submit a patch ? Thank you, Kevin Long

...l IPsec policy configuration (like "esp/transport//use) # - permutation of the crypto/hash/compression algorithms presented below sainfo anonymous { # pfs_group 2; lifetime time 12 hour ; encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algorithm deflate ; } --------------------------END------------------------------------------------------------------ certificate are created in bsd with following commands: openssl req -new -nodes -newkey rsa:1024 -sha1 -days 1095 -keyout bsd.private -out request.pe...

...rithm sha1 512; authentication_method rsasig; dh_group modp4096; lifetime time 300 sec; } } sainfo anonymous { pfs_group modp4096; lifetime time 300 sec; encryption_algorithm rijndael 256; authentication_algorithm hmac_sha1; compression_algorithm deflate; } padding { randomize on; randomize_length on; strict_check on; } script for setting up policy: #!/usr/bin/setkey -f flush; spdflush; spdadd 192.168.2.10/32 192.168.2.11/32 any -P out ipsec esp/tunnel/192.168.2.10-192....

...debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,aes128192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,aes128192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac_sha1,hmac-sha1-96 debug2: kex_parse_kexinit: hmac_sha1,hmac-sha1-96 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: rese...

...m sha1; > authentication_method rsasig ; > dh_group 2 ; > } > } > > sainfo address 192.168.3.0/24 any address 1.2.3.4/32 any > { > pfs_group 2; > lifetime time 12 hour ; > encryption_algorithm blowfish ; > authentication_algorithm hmac_sha1, hmac_md5 ; > compression_algorithm deflate ; > } > > sainfo address 5.6.7.8/32 any address 1.2.3.4/32 any > { > pfs_group 2; > lifetime time 12 hour ; > encryption_algorithm blowfish ; > authentication_algorithm hmac_sha1, hmac_md5 ; > compress...

...encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 30 min; encryption_algorithm 3des ; authentication_algorithm hmac_sha1; compression_algorithm deflate ; } Kevin Glick glitch@ridiculum.woohaw.com

...t;; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 2 min; encryption_algorithm 3des ; authentication_algorithm hmac_sha1; compression_algorithm deflate ; } remote 192.168.0.29 { exchange_mode aggressive,main; my_identifier asn1dn; peers_identifier asn1dn; certificate_type x509 "slave1.public" "slave1.private"; peers_certfile "slave2.public"; pr...

...yption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2; } } sainfo anonymous { pfs_group 2; lifetime time 2 min; encryption_algorithm 3des; authentication_algorithm hmac_sha1; compression_algorithm deflate; } relevant ios config on ned: hostname ned ! crypto isakmp policy 10 encryption 3des hash sha authentication pre-share group 2 ! crypto isakmp key 123456asdf address 192.168.1.42 no-xauth ! crypto ipsec transform-set phaedrus_transform ah-sha-hmac...

I'm playing with google-authenticator libpam https://code.google.com/p/google-authenticator/ It appears to be failing the "make test" on CentOS 5.9 32bit. ./pam_google_authenticator_unittest Testing base32 encoding Testing base32 decoding Testing HMAC_SHA1 Loading PAM module Running tests, querying for verification code Testing failed login attempt Testing required number of digits Testing a blank response Test handling of missing state files Testing successful login Testing WINDOW_SIZE option Testing DISALLOW_REUSE option Testin...

...proposal_check obey; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 1; } } sainfo address 192.168.190.44 any address 192.168.190.43 any { pfs_group 1; lifetime time 2 hour; encryption_algorithm 3des; authentication_algorithm hmac_sha1; compression_algorithm deflate; } Thanks in advance Priya __________________________________________________________ Yahoo! India Matrimony: Find your partner now. Go to http://yahoo.shaadi.com

...tion_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group modp1024; } } sainfo address 192.168.10.0/24 any address 192.168.20.0/24 any { encryption_algorithm 3des ; authentication_algorithm hmac_sha1; compression_algorithm deflate ; } --- The configuration for Host B is similar but the other way round.. Thanks in advance, Juan _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lart...

...es; hash_algorithm md5; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 36000 sec; encryption_algorithm 3des,des,cast128,blowfish ; authentication_algorithm hmac_sha1,hmac_md5; compression_algorithm deflate ; } !<--- End of [1]---> !<-------- [2] Racoon Debug/Error msgs below ---------> # racoon -v -F -f /usr/local/etc/racoon/racoon.conf Foreground mode. 2004-01-08 15:26:03: INFO: main.c:172:main(): @(#)package version freebsd-20030826a 200...

Hi, When a IPSec tunnel is established between two peers, I understand that the "normal" situation is to have in a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with

Hi there, I have a problem I don''t know how to solve. Let''s say you have two services, applications, whatever that communicate with each other, and they establish a shared password or key to authenticate to the other part. This happens with DHCP/DNS (I think is called dynamic zone update, the DHCP server updates the DNS zone with information from the dynamically configured

...lude "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; sainfo anonymous { pfs_group 2; lifetime time 1 hour ; encryption_algorithm 3des, blowfish 448, rijndael ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algorithm deflate ; } include "/etc/racoon/192.168.120.165.conf"; Configuration on host-b looks similar, referencing back to host-a. When I ping host-b, the first packet is dropped, as expected (while Racoon does its job with automatic keying). I'v...

...nown-linux-gnu/dns.o r - output/pjlib-util-x86_64-unknown-linux-gnu/dns_dump.o r - output/pjlib-util-x86_64-unknown-linux-gnu/dns_server.o r - output/pjlib-util-x86_64-unknown-linux-gnu/getopt.o r - output/pjlib-util-x86_64-unknown-linux-gnu/hmac_md5.o r - output/pjlib-util-x86_64-unknown-linux-gnu/hmac_sha1.o r - output/pjlib-util-x86_64-unknown-linux-gnu/http_client.o r - output/pjlib-util-x86_64-unknown-linux-gnu/md5.o r - output/pjlib-util-x86_64-unknown-linux-gnu/pcap.o r - output/pjlib-util-x86_64-unknown-linux-gnu/resolver.o r - output/pjlib-util-x86_64-unknown-linux-gnu/scanner.o r - output/pjl...

On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code: