[Swan] HMAC_SHA1 length

Tuomo Soini tis at foobar.fi
Thu Jul 23 09:10:05 UTC 2020

On Thu, 23 Jul 2020 10:24:37 +0200
Pavol Hustý <pavol.husty at gmail.com> wrote:

> I have running configuration libreswan with "ESP algorithm newest:
> AES_CBC_256-HMAC_SHA1_96".
> Questions: How to force or set current configuration libreswan to ESP
> algorithms with sha1 160 bit length. It is possible?

No, there is no such version of HMAC_SHA1. Hashing key is always
truncated with sha1 and sha2. With sha1 to 96 bits and with sha2_256 to
128 bits.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>

More information about the Swan mailing list