Can Windows L2TP use AES and SHA2?

InlineFive

Hey all,

Does anyone know if the Windows XP L2TP client supports AES and SHA2 vs 3DES and SHA1?

Thanks!

I5
 

Smilin

If I remember right, there have been collisions found in SHA1, but none of them have actually been broken. I'm behind on my reading though.

As a whole, anything using IPSec should be fine. You're talking about the difference between a 10' steel door and a 12' steel door. Good luck breaking into either one. If you want to break into a system, decrypting L2TP traffic is NOT the first place you should start.

 

stash

Will Vista also be able to use SHA2 for L2TP? I know SHA2 is in the CNG suite, so I would think it would be able to use it, but I don't know for sure.

I'm just happy that both the kernel and usermode implementations of AES will be FIPS certified in Vista. Currently, only the usermode one is, and EFS uses the kernel mode one. So customers currently need to enable the FIPS GPO, which downgrades the algorithm to a FIPS-certified 3DES implementation.
 

InlineFive

Okay, one last question. I'm having a hard time using Certs instead of PSKs for authentication. How big of a security difference is there for these?

(I imported the user cert into the Computer - Personal folder, but my firewall just spits out malformed packet errors.)
 

InlineFive

Well, I'm currently using FreeS/WAN, and in the instructions I only download a Host CSR for the client. Inside the PKCS#12 was only the client Cert.

Should I also import the firewall CA into the laptop?