Re: establish a 128 bit encrypted tunnel between centos 5.2 boxes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Ric Moore wrote:
On Tue, 2008-08-26 at 18:55 -0400, Robert Moskowitz wrote:
Jeff Kinz wrote:
On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
Is there an easy way or anyway to establish a 128 bit encrypted tunnel between a handful of centos 5.2 boxes?
In addition the rest of the good info others already posted for you,
please remember that "128 bit encryption" doesn't mean anything unless you also specify the encryption scheme being used.

A 128 bit encryption scheme may or may not be easily broken depending on
which one it is. (Pick a good!)
Actually 'we' (crypto community) talk about crypto-suites, as you have to look at all the pieces involved. If everything is not disclosed (like with Skype), then you just don't know where the weakness may be.

SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the suites are too weak to talk about), and HIP are all well-rounded security protocols. I have worked on all of them.

Whatever happened to cipe?? Ric
Has it kept up with the known attacks? It predates a lot of work we did in IETF on IPsec, for example. For example I had to axe the implicite IV mode for DES-CBC due to the hamming distance attack. "But schnier lists counters as a valid method of generating IVs....". Sheesh, there is such a thing as new attacks (even if they are old to the NSA) as being reasons NOT to site old texts.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux