|
Bugtraq
mailing list archives
Re: Nortel CES (3DES version) offers false sense of securitywhenusi ng IPSEC
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 1 Mar 2001 01:15:59 -0500
On Wed, 28 Feb 2001 14:33:06 PST, Crist Clark <crist.clark () GLOBALSTAR COM> said:
The bottom line: Who friggin' cares? Unless you are a forgein government
hiding data from NSA or one of its counterparts, no one who has the means
cares enough to bust DES for your data, let alone two- or three-key 3DES.
Umm.. the entry level for a DES breaker is well under $250K, as the EFF
showed some time ago. This is *WELL* within most Fortune 500 company's
budgets for industrial espionage. Applying Moore's Law, it will be
under $100K very soon, if not already.
At that point, even things like supermarket chains might want to
buy into it.. I'm sure that Food Lion (one local chain in my area)
would *love* to get the data Kroger (another chain) has collected with their
'Kroger Plus' card (get discounts, they collect data on what you buy).
And I'm equally sure that Kroger would love to get Food Lion's data
from their 'VIP' program (same idea, different name). Both programs had
to cost at least $250K to start chain-wide, so the management of each
chain obviously thinks their data is worth at least $250K.
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
 By Date 
By Thread
Current thread:
|
Intro
