Full Disclosure mailing list archives
Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list
From: Alexandre Dulaunoy <alexandre.dulaunoy () ael be>
Date: Thu, 25 Sep 2003 12:52:39 +0200 (CEST)
On Thu, 25 Sep 2003, Florian Weimer wrote:
On Thu, Sep 25, 2003 at 03:43:06AM +0200, Jake Appelbaum wrote:After reading Gutmann's short but to the point email a few points that he made seemed obvious. Some of the flaws were not so obvious. CIPE seemed to have some very simple flaws and some of the fixes were easy to implement.The CRC flaw is not easy to correct.I found a some of it delivered in such a manner that would upset people who were highly vested in the projects he was criticizing. Perhaps it was the comment that I also found to be so amusing, something to do with sound waves. Amusing as it may be, it's still quite harsh.Especially as some of the flaws (the replay attacks) are actually documented in the manual.I then read through the posts on Slashdot that declared CIPE to be dead. I found these to be really immature and silly considering the nature of F/OSS.Maybe it's not dead, but I'd rather not use security software which is unmaintained. (Several people tried to reach Olaf and failed.)
FYI Around the same subject and about the Peter's paper : http://openvpn.sourceforge.net/ and a reply from Peter and the author about OpenVPN : http://sourceforge.net/mailarchive/forum.php?thread_id=3177601&forum_id=8453 http://sourceforge.net/mailarchive/message.php?msg_id=6123958 OpenVPN is free software and there is a port for WIN32 too... -- -- Alexandre Dulaunoy (adulau) -- http://www.foo.be/ -- http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD -- "Knowledge can create problems, it is not through ignorance -- that we can solve them" Isaac Asimov _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Jake Appelbaum (Sep 24)
- Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Florian Weimer (Sep 25)
- Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Michal Zalewski (Sep 25)
- Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Alexandre Dulaunoy (Sep 25)
- Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list Florian Weimer (Sep 25)