Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1997

NFR Wizards Archive: Re: R: strong encryption for Europeans

Re: R: strong encryption for Europeans

Arjo Mukherjee (mukherjeeebo.dec.com)
Tue, 25 Nov 1997 12:29:08 +0100

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Ted Doty: "Re: R: strong encryption for Europeans"
Previous message: -= ArkanoiD =-: "Re: Time for a new FWTK?"
In reply to: Marcus J. Ranum: "Re: Time for a new FWTK?"
Next in thread: Bennett Todd: "Re: R: strong encryption for Europeans"
Reply: Bennett Todd: "Re: R: strong encryption for Europeans"

Hi,

Just a comment that I wanted to tag onto this thread.

Even though the VPNs are using shorter length keys than some may
consider SECURE (eg 40 instead of 128), some of the products are
actually exchanging modified keys rather frequently (say in the ballpark
of tens of minutes). Hence, it may not be that easy to break. In other
words, the keys are not kept constant, thus it makes it a bit harder to
crack.

Arjo.

---------------------- COMMENTING ON -------------------------

Franco RUGGIERI wrote:
>
> Recently (June and October this year), attacks have been successfully
> accomplished against DES and RC5 65 bit, by a huge number of computers
> coordinated via Internet. Since participation in such effort was voluntary,
> I wouldn't define such coordination as *strict*. Thus, we can assume that a
> well determined organization would break codes based on keys up to 56 bit
> in a reasonable amount of time. Therefore I wouldn't recommend VPNs based
> on such systems (RCx, DES and the likes with *short*keys), unless for what
> I would dub *minor areas* and for not long lasting applications.
> This, of course, IMHO. I would appreciate comments (not flames!) on this
> viewpoint of mine.
> -------------------------------
> Franco RUGGIERI
> fruggieriselfin.net
>
> ----------
> > Da: Martin W Freiss <freiss.padsni.de>
> > A: kateforsys.msk.ru
> > Cc: firewallsGreatCircle.COM; firewall-wizardsnfr.net
> > Oggetto: Re: strong encryption for Europeans
> > Data: martedì 28 ottobre 1997 16.42
> >
> > Hi,
> >
> > > I would like to know which options are available to Europeans with
> regard
> > > to strong encryption VPNs. It appears that most of well known firewall
> > > vendors are US companies and their VPNs are subjects to US law export
> > > restrictions.
> >
> > well, there are European firewall solutions, though they seem to be less
> > well known. Check http://www.swn.sni.be for one solution that does
> > not suffer from US export restrictions. Choice of RC4 and IDEA for VPN,
> up
> > to 128 bits. (Disclaimer: I work for that company, which makes me
> > biased, so I will not compare this to other products here).
> >
> > > Another question: how strong is Check Point's FWZ1 ? What is its key
> > > length ? Are there any estimates as to how breakable it is ? Our local
> FW-1
> > > reseller could not enlighten me in the matter.
> >
> > 48 Bits for the encryption, if I remember correctly. Not knowing
> > anything more about FWZ1, I won't hazard a guess as to the breakability
> :)
> >
> > Best regards,
> >
> > -Martin
> >
> > --
> > Martin Freiss, MF194 | freiss.padsni.de | http://www.rmi.de/~marvin
> > Siemens Nixdorf, CC IT Networks, Solution Team Internet/Intranet
> > Half male, half e-mail.

Next message: Ted Doty: "Re: R: strong encryption for Europeans"
Previous message: -= ArkanoiD =-: "Re: Time for a new FWTK?"
In reply to: Marcus J. Ranum: "Re: Time for a new FWTK?"
Next in thread: Bennett Todd: "Re: R: strong encryption for Europeans"
Reply: Bennett Todd: "Re: R: strong encryption for Europeans"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:49 CDT