Re: My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list

[Alexandre Dulaunoy <alexandre.dulaunoy () ael be>]

On Thu, 25 Sep 2003, Florian Weimer wrote:

> On Thu, Sep 25, 2003 at 03:43:06AM +0200, Jake Appelbaum wrote:
>
> > After reading Gutmann's short but to the point email a few points that
> > he made seemed obvious. Some of the flaws were not so obvious. CIPE
> > seemed to have some very simple flaws and some of the fixes were easy to
> > implement.
>
> The CRC flaw is not easy to correct.
>
> > I found a some of it delivered in such a manner that would upset people
> > who were highly vested in the projects he was criticizing. Perhaps it was
> > the comment that I also found to be so amusing, something to do with
> > sound waves. Amusing as it may be, it's still quite harsh.
>
> Especially as some of the flaws (the replay attacks) are actually
> documented in the manual.
>
> > I then read through the posts on Slashdot that declared CIPE to be
> > dead. I found these to be really immature and silly considering the
> > nature of F/OSS.
>
> Maybe it's not dead, but I'd rather not use security software which is
> unmaintained.  (Several people tried to reach Olaf and failed.)

FYI 

Around the same subject and about the Peter's paper :

http://openvpn.sourceforge.net/

and a reply from Peter and the author about OpenVPN :

http://sourceforge.net/mailarchive/forum.php?thread_id=3177601&forum_id=8453
http://sourceforge.net/mailarchive/message.php?msg_id=6123958

OpenVPN is free software and there is a port for WIN32 too... 


-- 
--                   Alexandre Dulaunoy (adulau) -- http://www.foo.be/
--         http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD
--         "Knowledge can create problems, it is not through ignorance
--                                that we can solve them" Isaac Asimov



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html