Bugtraq mailing list archives
Re: single-DES phase 1
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Wed, 28 Feb 2001 11:27:44 -0500
On Wed, 28 Feb 2001, *Hobbit* wrote:
Earlier versions of the IPSEC standards required single-DES at a minimum, so it's not surprising that holdovers of this sort exist in any product. Would it be worth collecting a public list of "IKE to watch out for"?
i spoke to some folks at Cisco a couple of months ago, and one of the things i inquired about was an ETA on VPN products shipping with AES. they told me that at the time they weren't even looking at it since it was still up in the air.

as of today (feb 28, 2001) a draft FIPS standard is available on AES:

http://csrc.nist.gov/encryption/aes/

however, it's still a draft. it has 90 days of public review. in their factsheet, NIST states that some time in late spring 2001 or early summer of this year AES will be finalized.

aside from DES and 3DES, it looks like nothing else can reasonably be standardized on. and with AES in the wings, so close in terms of a product development and production cycle, this seems like a wise decision.

as such, i expect that this list of weak encryption products will be lengthy. this is a real bummer that good, strong VPN encryption products won't be available on the consumer market for some time. i'm just not comfortable with DES for the obvious reasons, and 3DES seems to have its occasional implementation problem, as well.

(in the meantime i have been using OpenBSD IPSec VPNs with Blowfish encryption.)

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)