Ric Moore wrote:
On Tue, 2008-08-26 at 18:55 -0400, Robert Moskowitz wrote:
Jeff Kinz wrote:
On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
Is there an easy way or anyway to establish a 128 bit encrypted tunnel
between a handful of centos 5.2 boxes?
In addition the rest of the good info others already posted for you,
please remember that "128 bit encryption" doesn't mean anything
unless you also specify the encryption scheme being used.
A 128 bit encryption scheme may or may not be easily broken depending on
which one it is. (Pick a good!)
Actually 'we' (crypto community) talk about crypto-suites, as you have
to look at all the pieces involved. If everything is not disclosed (like
with Skype), then you just don't know where the weakness may be.
SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the
suites are too weak to talk about), and HIP are all well-rounded
security protocols. I have worked on all of them.
Whatever happened to cipe?? Ric
Has it kept up with the known attacks? It predates a lot of work we did
in IETF on IPsec, for example. For example I had to axe the implicite
IV mode for DES-CBC due to the hamming distance attack. "But schnier
lists counters as a valid method of generating IVs....". Sheesh, there
is such a thing as new attacks (even if they are old to the NSA) as
being reasons NOT to site old texts.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
