Firewall Wizards
mailing list archives
Re: R: strong encryption for Europeans
From: Adam Shostack <adam () homeport org>
Date: Tue, 25 Nov 1997 08:54:52 -0500 (EST)
Given that strong encryption is strong enough that you don't
need to worry about brute force, and that most of the strong
algorithms out there are faster than DES, why use DES? The only
answer that springs to mind is that there's a fair bit of banking
equipment that's really well made out there.
Bob Morris (Sr) talks about burglary, blackmail, buggered
equipment, and brute force as methods of cryptanalysis. If you accept
that a faster, stronger algorithm is better, then you need to start
focusing on key generation, key exchange, authentication of data
stream, and managing the people who are responsible for the machines'
use. There's also the huge issue of what happens after your data
comes off this amazingly solid pipe into the Swiss cheese monstrosity
which is your 'internal' network.
Maybe there is a reason to use 56 bit keys; they lead to a
more realistic assessment of your security.
Adam
Andreas Siegert wrote:
|
| If keys are changed often enough, I think 56 bits is still pretty much ok for
| most uses. It depends very much on the lifetime of the data transferred versus
| the time needed to crack the key. If the key is changed every 15 minutes (and
| I assume a much stronger protection on the key exchange), then the attacker
| not only has to deal with finding the key, but also with finding the window in
| which the data he is interested in was transferred.
|
| On the other hand, has anyone used the ssh VPNs yet?
|
| cheers
| afx
|
| Quoting Franco RUGGIERI (fruggieri () selfin net):
| > Recently (June and October this year), attacks have been successfully
| > accomplished against DES and RC5 56 bit, by a huge number of computers
| > coordinated via Internet. Since participation in such effort was voluntary,
| > I wouldn't define such coordination as *strict*. Thus, we can assume that a
| > well determined organization would break codes based on keys up to 56 bit
| > in a reasonable amount of time. Therefore I wouldn't recommend VPNs based
| > on such systems (RCx, DES and the likes with *short* keys), unless for what
| > I would dub *minor areas* and for not long lasting applications.
| > This, of course, IMHO. I would appreciate comments (not flames!) on this
| > viewpoint of mine.
|
| --
| Andreas Siegert afx () ibm de / afx () barolo munich de ibm com / AFX at IPNET
| PGP Key:http://www.muc.de/~afx/pubkey.asc, KeyId AB26FD05
|
--
"It is seldom that liberty of any kind is lost all at once."
-Hume