Firewall Wizards mailing list archives
Re: FW: CISCO PIX Vulnerability
From: Adam Shostack <adam () homeport org>
Date: Fri, 19 Jun 1998 12:04:19 -0400 (EDT)
Rick Smith wrote: | Adam Shostack's characterization of DES based products as "stupid" is | important to examine, since DES is a mandatory part of all IPSEC | implementations, and is currently the strongest product that some vendors | can export. | | Blanket criticism of short key lengths may be a worthwhile exercise for | crypto theoreticians, but it's misplaced when looking at the "big picture" | of information security. Sites accept lots and lots of vulnerabilities that | are far riskier than even 40 bit encryption. That is correct. However, I assume that when looking at, eg, VPN products, the site does not want to do a complete security evaluation, it wants to evaluate cryptographic products. If the company is situated somewhere where it can not buy cryptography stronger than 40 or 56 bits, then it is forced by its government to accept risk. I believe France is the only place where these laws are enforced. Laws about deployment exist in other places, but go unenforced. See http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm. If the company can buy longer key lengths, then it is likely a foolish decision not to, assuming the products have roughly equal management features. The export issue is largely a red herring, since I am either outside the US, and can buy strong crypto from free world vendors, or I am in the US, and can buy domestic or foriegn, or I am multinational, and can buy from outside the US. The fact that I can't buy from US vendors worldwide does not mean that solid, well written products are not available worldwide. Not using long key lengths, where other factors are equal, is stupid. The extra security is roughly free. Let me repeat, where other factors are equal. | Let's face it -- lots of people HAVE defaced web sites, they HAVE sniffed | reusable passwords, insiders HAVE stolen plaintext lists of credit card | numbers, con artists HAVE tricked people out of their money on the | Internet. On the other hand, there are NO reports of a criminal or | competitor having ever mounted a brute force cracking attack on a | commercial enterprise and caused it real damage. The fact that custom | cracking machines *could* exist does not mean that there is an economic | justification to cause them to exist. References to Morris, Sr., simply | underline the difference between the NSA's attitude and the real world of | commercial security (another interesting philosophical topic). Perry has responded well to this set of assertions. I quoted Morris because, like Perry, I can't comment on the things I've been seen and participated in. I know of at least two cryptanalysis companies that have been contacted to build a DES key cracker. I don't know if either accepted the contract. | Naturally people should use the longest crypto keys they can get, but it's | not the only technical feature deters attacks. If a product with shorter | keys protects just the right traffic and runs safely and reliably in other | ways, then it might be a better choice. Many companies are better with | their crufty old DES hardware and highly developed internal procedures than | they'd be with the latest 128 bit VPN equipment and unfamiliar | administrative procedures. Security systems WILL fail regardless of how | long the key is. Sites can only expend finite resources, and they have to | cover ALL the threats as best they can. Absolutely. I said 'buying' a DES product is stupid, and I'll stand by that. If you have a DES product deployed, its probably time or past time to replace it, but if you have proper management solutions in place, that might be hard. Given the management processes I've seen in most places, replacing your old hardware with something newer will be unlikely to cause a reduction in the quality of the KM process. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
- Re: CISCO PIX Vulnerability lum (Jun 04)
- <Possible follow-ups>
- FW: CISCO PIX Vulnerability Hal (Jun 15)
- Re: FW: CISCO PIX Vulnerability Adam Shostack (Jun 16)
- Re: FW: CISCO PIX Vulnerability Rick Smith (Jun 17)
- Re: FW: CISCO PIX Vulnerability Perry E. Metzger (Jun 18)
- Re: FW: CISCO PIX Vulnerability Rick Smith (Jun 18)
- Re: FW: CISCO PIX Vulnerability Perry E. Metzger (Jun 23)
- Going Public with Brute Force (was: CISCO PIX) Rick Smith (Jun 23)
- Re: FW: CISCO PIX Vulnerability Adam Shostack (Jun 16)
- Re: FW: CISCO PIX Vulnerability Adam Shostack (Jun 23)
- Re: FW: CISCO PIX Vulnerability Darren Reed (Jun 24)
- RE: FW: CISCO PIX Vulnerability Rick Smith (Jun 17)
- RE: FW: CISCO PIX Vulnerability Ted Doty (Jun 18)
- Re: FW: CISCO PIX Vulnerability Joseph S. D. Yao (Jun 26)