Firewall Wizards mailing list archives
RE: FW: CISCO PIX Vulnerability
From: Rick Smith <rick_smith () securecomputing com>
Date: Wed, 17 Jun 1998 13:27:55 -0500
At 01:51 PM 6/17/98 -0700, Hal wrote:
> Are you seriously arguing for continuing to use weak crypto over better
> systems?

I know it's e-mail and maybe I'm being too subtle. Or maybe I misinterpreted irony on your part.

To recap: I interpreted your original comment as saying that it's appropriate from a security standpoint for some applications to use shorter key lengths. Adam seemed to disagree, and declared that all products with shorter keys are "stupid" and shouldn't be used for anything. I disagreed, arguing that information security is a systems question, and not decided by a single property like key length. I also pointed out that published reports of commercial security incidents are consistent with this: attackers don't brute force the key, they go around it.

Naturally, longer keys are always to be preferred to shorter ones. Unfortunately, people can only use products that really exist, not products that some theoretician argues could exist. Personally, I want to see as many people using crypto as possible, regardless of how long or short the keys are. That's the only way we're going to have the experience to know how to make longer key lengths actually pay off with improved security. Otherwise, we've got a steel gate and a cardboard fence.

> Gosh, I thought only NSA people argued like that.

NSA people don't argue. They just issue you the crypto. If it doesn't solve your problem, you have to either do the job unprotected or rearrange the job to fit their architectural straitjacket. In Desert Storm, people sometimes had to do without, since they couldn't always fit things into the straitjacket. In the commercial world we ought to be able to do better than that.

The crypto prima donna act is also an NSA trademark. Let's not be priests, let's be evangelists.

Rick.
smith () securecomputing com