Re: R: strong encryption for Europeans

[Arjo Mukherjee <mukherjee () ebo dec com>]

Hi,

Just a comment that I wanted to tag onto this thread.  

Even though the VPNs are using shorter length keys than some may
consider SECURE (eg 40 instead of 128), some of the products are
actually exchanging modified keys rather frequently (say in the ballpark
of tens of minutes).  Hence, it may not be that easy to break.  In other
words, the keys are not kept constant, thus it makes it a bit harder to
crack.

Arjo.

---------------------- COMMENTING ON -------------------------



Franco RUGGIERI wrote:
> Recently (June and October this year), attacks have been successfully
> accomplished against DES and RC5 65 bit, by a huge number of computers
> coordinated via Internet. Since participation in such effort was voluntary,
> I wouldn't define such coordination as *strict*. Thus, we can assume that a
> well determined organization would break codes based on keys up to 56 bit
> in a reasonable amount of time. Therefore I wouldn't recommend VPNs based
> on such systems (RCx, DES and the likes with *short*keys), unless for what
> I would dub *minor areas* and for not long lasting applications.
> This, of course, IMHO. I would appreciate comments (not flames!) on this
> viewpoint of mine.
> -------------------------------
> Franco RUGGIERI
> fruggieri () selfin net
>
> ----------
> > Da: Martin W Freiss <freiss.pad () sni de>
> > A: kate () forsys msk ru
> > Cc: firewalls () GreatCircle COM; firewall-wizards () nfr net
> > Oggetto: Re: strong encryption for Europeans
> > Data: martedì 28 ottobre 1997 16.42
> >
> > Hi,
> >
> > > I would like to know which options are available to Europeans with
> regard
> > > to strong encryption VPNs. It appears that most of well known firewall
> > > vendors are US companies and their VPNs are subjects to US law export
> > > restrictions.
> >
> > well, there are European firewall solutions, though they seem to be less
> > well known. Check http://www.swn.sni.be for one solution that does
> > not suffer from US export restrictions. Choice of RC4 and IDEA for VPN,
> up
> > to 128 bits. (Disclaimer: I work for that company, which makes me
> > biased, so I will not compare this to other products here).
> >
> > > Another question: how strong is Check Point's FWZ1 ? What is its key
> > > length ? Are there any estimates as to how breakable it is ? Our local
> FW-1
> > > reseller could not enlighten me in the matter.
> >
> > 48 Bits for the encryption, if I remember correctly. Not knowing
> > anything more about FWZ1, I won't hazard a guess as to the breakability
> :)
> > Best regards,
> >
> > -Martin
> >
> > --
> >  Martin Freiss, MF194   | freiss.pad () sni de | http://www.rmi.de/~marvin
> >  Siemens Nixdorf, CC IT Networks, Solution Team Internet/Intranet
> > Half male, half e-mail.