Eseosa,
By default KEK uses 3DES/SHA but you can change it using the following
commands:
rekey algorithm
rekey authentication
HTH,
--
Piotr Matusiak
CCIE #19860 (R&S, Security)
Technical Instructor
website: www.MicronicsTraining.com
�If you can't explain it simply, you don't understand it well enough� -
Albert Einstein
2010/3/23 eseosa <eseosa.ehiwe_at_gmail.com>
> Wrong understanding of technology , KEK is always 3DES and SHA for
> encryption and hashing of control messages(which includes changes to
> the traffic encryption policy(TEK) on the KS) respectively.
>
> On 3/23/10, eseosa <eseosa.ehiwe_at_gmail.com> wrote:
> > Hi All,
> >
> > I just want to be sure if KEK rekey messages requires at least SHA for
> > hashing , because on my KS the transform set for signing rekeying
> > messages is set to 3des and md5 , but on the Group Members the KEK
> > uses SHA as hashing method while TEK uses md5 .
> >
> >
> > --
> > Warm Regards,
> >
> > Eseosa
> > CCIE #23782
> > "The Christian is a person who makes it easy for others to believe in
> > God." - Robert M. McCheyne
> >
>
>
> --
> Warm Regards,
>
> Eseosa
> CCIE #23782
> "The Christian is a person who makes it easy for others to believe in
> God." - Robert M. McCheyne
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Mar 24 2010 - 20:44:55 ART