"Janusz A. Urbanowicz" wrote: > > Is there really no other cipher option than DES? It's broken, you know. > > FreeSWAN is deliberately explcuding it, even though it's part of the > > standard. I wouldn't support it in new projects. > > I wouldn't dare to call DES broken. It is the most researched algorithm we > have, with the only weakness of key size (which is cured by using 3DES). Single DES has been literally broken several times. If you don't want to call it "broken", perhaps "weak", or "insecure" or "obsolete"? There's a fairly detailed discussion in the FreeS/WAN documentation: http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/politics.html#desnotsecure Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
