From: Steve McAlexander (steve_mcalexanderPOP.NET)
Date: Wed May 02 2001 - 19:07:33 CDT


    I'd personally like to know why the IE 128 key expandable or switchable. Is there a way to adapt a stronger key set to it to ensure far greater security than exists now?

    Steve McAlexander
    830-627-7669 Offsite Office
    210-316-6489 Cellular

    "There is nothing more difficult to plan, more doubtful of success, nor more dangerous to manage than the creation of a new system. For the initiator has the enmity of all who would profit by the preservation of the old system and merely lukewarm defenders in those who would gain by the new one." --Machiavelli, 1513

    -----Original Message-----
    From: Focus on Microsoft Mailing List [mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Pybus, David
    Sent: Wednesday, May 02, 2001 06:37
    To: FOCUS-MSSECURITYFOCUS.COM
    Subject: Re: Question re:Microsoft and 128-bit security

    The 128-bit indicates the length of the key being used for encryption.
    Knowing the key length alone tells you nothing about the security offered.
    It is only when the type of cryptography in use and the length of the key
    are considered together that it begins to give an indication of the strength
    of crypto available. For example, a 128-bit asymmetric system (Public crypto)
    would normally be pretty useless; on the other hand, a symmetric DES 128-bit
    system offers a high level of security.

    It is a common misnomer that just because something uses 128-bit security
    that it is secure. There are all sorts of other issues to consider:
            What is the encryption algorithm being used?
            How are the keys generated?
            How are the keys exchanged?
            How are the keys protected?
    Without satisfactory answers to all of these questions then a
    system/application protected by cryptography may not be as secure as the
    128bit may at first have suggested.

    If you want more detailed info then the RSA Crypto FAQ is worth a look:
            http://www.rsasecurity.com/rsalabs/faq/
    Or you might want to consider a book such as "Applied Cryptography" by
    Schneier.

    David Pybus

    -----Original Message-----
    From: Scott Ehrlich [mailto:scottMIT.EDU]
    Sent: 01 May 2001 13:06
    To: FOCUS-MSSECURITYFOCUS.COM
    Subject: [FOCUS-MS] Question re:Microsoft and 128-bit security

    Hello to all:

    Speaking of 128-bit security, could someone please provide a white paper,
    links, etc, to what the term actually means? It has the connotation of
    being a cloud (like "the Internet"). I'd like to find out the details of
    how it actually works - what it actually does.

    Additionally, what resources, links, white papers, etc, are there to
    detail how various Windows flavors utilize the security enhancement in
    ways other than with web browsers? For example, if via mapping network
    drives, what specifically happens? What communication takes place
    without 128-bit vs with?

    Thanks for any/all links and leads.

    Scott

    On Sun, 29 Apr 2001, Robert D. Hughes wrote:

    > Amazingly enough, installing the high encryption security pack gets rid of
    > this error. For some reason, 2k seems to always try to use strong encryption
    > no matter what's been configured, or even if nothing has been configured, and
    > this event entry is telling you that. As for your actual question, it's been
    > answered by others.
    >
    > -----Original Message-----
    > From: Amer Karim [mailto:amerkTELUS.NET]
    > Sent: Thursday, April 26, 2001 11:54 PM
    > To: FOCUS-MSSECURITYFOCUS.COM
    > Subject: Info in W2K Pro Event viewer
    >
    >
    > Hi everyone,
    >
    > Does anyone know what the following is referring to?
    >
    >
    > Event Type: Information
    > Event Source: Oakley
    > Event Category: None
    > Event ID: 542
    > Date: 26/03/2001
    > Time: 02:10:53
    > User: N/A
    > Computer: ORIGINS
    > Description:
    > The IP Security policy for ISAKMP/Oakley specified an encryption algorithm
    > that is invalid due to export cryptography restrictions. All 3DES
    > encryption used by ISAKMP/Oakley is weakened to standard DES encyption.
    > Generally, this is benign. ISAKMP/Oakley will still be able to negotiate IP
    > security parameters, and protect that negotiation with DES encryption. This
    > should only be of concern if you demand that the ISAKMP/Oakley negotiation
    > be protected with 3DES encryption. If this is the case, please contact your
    > network administrator.
    >
    >
    > What is ISAKMP/Oakley? Any info would be greatly appreciated, especially
    > since I can't seem to find any info on this in any of the knowledge base
    > articles. And this is something that appears seemingly at random bursts -
    > the date in the event above was the first occurrence I can find in the event
    > viewer application log.
    >
    > TIA,
    > Amer Karim
    > Nautilis Information Systems
    > E-Mail: amerktelus.net; mamerkhotmail.com
    >
