Re: Can I have DES / 3 DES VPN with IPtables Kernal kernel version 2.4.20 with IPSEC installed

On Thu, Dec 18, 2003 at 08:11:26AM -0700, Michael Gale wrote:
> Hello,

> 	You should seriously consider Super FreeS/Wan ... it supports more than DES and 3DES which are outdated and I believe it has been proven.

	FreeSWAN doesn't support DES because it's considered weak.
Single DES hasn't been "cracked" per se, it's just that its keyspace
(56 bits) is now considered too small to resist concerted brute force
attacks.  If it's used for persistent storage of data, you could have a
real problem.  If it's used with ephemeral keys in a communications
channel with frequent auto-rekeying and perfect forward secrecy (supported
by IKE/pluto) it's not so much a problem since brute forcing would take
longer than the life expectancy of the ephemeral key.  If you used it
for long term "shared secret" keys and sessions with no rekeying, you
could have a problem.  So if you want to be really REALLY sure, you
avoid single DES and so unpatched FreeSWAN doesn't support it.

> Michael.


> On Thu, 18 Dec 2003 09:54:32 -0500
> "John A. Sullivan III" <john.sullivan@xxxxxxxxxxxxx> wrote:
> 
> > On Thu, 2003-12-18 at 07:58, Laxmi_Narsaiah wrote:
> > > Hi,
> > > 
> > > Can I have DES / 3 DES VPN with IPtables Kernal kernel version 2.4.20
> > > with IPSEC installed, please let me know.
> > > 
> > <snip>
> > 	We do this all the time with FreeS/WAN.  In fact, we are developing a
> > GUI front end to manage combined firewall and VPN security for large,
> > complex implementations.  You can find training slide shows on using
> > iptables, FreeS/WAN, iproute2 and DHCP at http://iscs.sourceforge.net -
> > Good luck
> > -- 
> > John A. Sullivan III
> > Chief Technology Officer
> > Nexus Management
> > +1 207-985-7880
> > john.sullivan@xxxxxxxxxxxxx
> > ---
> > If you are interested in helping to develop a GPL enterprise class
> > VPN/Firewall/Security device management console, please visit
> > http://iscs.sourceforge.net 
> > 
> > 
> 
> 
> -- 
> Michael Gale
> Network Administrator
> Utilitran Corporation

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@xxxxxxxxxxxx
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Attachment: pgp00701.pgp
Description: PGP signature

