Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of securitywhenusi ng IPSEC
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 1 Mar 2001 01:15:59 -0500
On Wed, 28 Feb 2001 14:33:06 PST, Crist Clark <crist.clark () GLOBALSTAR COM> said:
The bottom line: Who friggin' cares? Unless you are a forgein government hiding data from NSA or one of its counterparts, no one who has the means cares enough to bust DES for your data, let alone two- or three-key 3DES.
Umm.. the entry level for a DES breaker is well under $250K, as the EFF showed some time ago. This is *WELL* within most Fortune 500 company's budgets for industrial espionage. Applying Moore's Law, it will be under $100K very soon, if not already. At that point, even things like supermarket chains might want to buy into it.. I'm sure that Food Lion (one local chain in my area) would *love* to get the data Kroger (another chain) has collected with their 'Kroger Plus' card (get discounts, they collect data on what you buy). And I'm equally sure that Kroger would love to get Food Lion's data from their 'VIP' program (same idea, different name). Both programs had to cost at least $250K to start chain-wide, so the management of each chain obviously thinks their data is worth at least $250K. Valdis Kletnieks Operating Systems Analyst Virginia Tech
Current thread:
- Re: Nortel CES (3DES version) offers false sense of securitywhenusi ng IPSEC Crist Clark (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhenusi ng IPSEC Valdis Kletnieks (Mar 01)
- Re: Nortel CES (3DES version) offers false sense of securitywhenusi ng IPSEC Ben Greenbaum (Mar 01)