From 21a45f2f2d4c6084bd17a2a9b51a25844b535603 Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Sun, 26 Oct 2008 23:53:52 +0000
Subject: use 512 bits of entropy for secret DH exponents

---
 src/pluto/constants.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/pluto/constants.h')

diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index 989faeea3..9505d3426 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -279,7 +279,7 @@ extern const char sparse_end[];
 	"4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47" \
 	"9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71" \
 	"60C980DD 98EDD3DF FFFFFFFF FFFFFFFF"
-#define LOCALSECRETSIZE		(256 / BITS_PER_BYTE)
+#define LOCALSECRETSIZE		(512 / BITS_PER_BYTE)
 
 /* limits on nonce sizes.  See RFC2409 "The internet key exchange (IKE)" 5 */
 #define MINIMUM_NONCE_SIZE	8	/* bytes */
-- 
cgit v1.2.3