Thanks Piotr.
On 3/24/10, Piotr Matusiak <pitt2k_at_gmail.com> wrote:
> Eseosa,
>
> By default KEK uses 3DES/SHA but you can change it using the following
> commands:
>
> rekey algorithm
> rekey authentication
>
> HTH,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security)
> Technical Instructor
> website: www.MicronicsTraining.com
>
>
> �If you can't explain it simply, you don't understand it well enough� -
> Albert Einstein
>
>
> 2010/3/23 eseosa <eseosa.ehiwe_at_gmail.com>
>
>> Wrong understanding of technology , KEK is always 3DES and SHA for
>> encryption and hashing of control messages(which includes changes to
>> the traffic encryption policy(TEK) on the KS) respectively.
>>
>> On 3/23/10, eseosa <eseosa.ehiwe_at_gmail.com> wrote:
>> > Hi All,
>> >
>> > I just want to be sure if KEK rekey messages requires at least SHA for
>> > hashing , because on my KS the transform set for signing rekeying
>> > messages is set to 3des and md5 , but on the Group Members the KEK
>> > uses SHA as hashing method while TEK uses md5 .
>> >
>> >
>> > --
>> > Warm Regards,
>> >
>> > Eseosa
>> > CCIE #23782
>> > "The Christian is a person who makes it easy for others to believe in
>> > God." - Robert M. McCheyne
>> >
>>
>>
>> --
>> Warm Regards,
>>
>> Eseosa
>> CCIE #23782
>> "The Christian is a person who makes it easy for others to believe in
>> God." - Robert M. McCheyne
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
--
Warm Regards,
Eseosa
CCIE #23782
"The Christian is a person who makes it easy for others to believe in
God." - Robert M. McCheyne
Blogs and organic groups at http://www.ccie.net
Received on Thu Mar 25 2010 - 08:35:32 ART