> Frankly, I can't understand why the IPsec protocol still allows DES. It
> should require strong encryption. Having DES in a product these days makes
> about as much sense as mandating the usage of ROT13.

OK, so I want to prevent some regular, every-day hackers from picking up my
traffic. Or I just want reasonable protection for my passwords in Telnet or
FTP. You are saying that some guy in his basement can break DES?

For that matter, let's say I am protecting data from somewhat more
sophisticated attackers. DES still requires significant resources to crack
and I may have some level of assurance that it isn't worth their while. Or
maybe I just want to waste their resources.

OK, DES isn't great, but it is still sufficient for some (maybe even many)
purposes. If your threat model isn't severe and you need the bandwidth more,
then DES is fine. If you really need to protect your data, particularly from
government agencies, use something better. I'm inclined to use 3-DES since
the performance hit doesn't make much diff to my DSL-lite line and the other
end has more than sufficient horsepower to handle many 3-DES connections;
others may be in a more difficult position w.r.t. bandwidth vs. security.

I am not excusing MS; their flaw was misleading the user. Their real mistake
is that the item should have been labeled '3-DES or DES (export friendly)'.

Paul Kierstead
TimeStep Corporation
mailto:[EMAIL PROTECTED] http:\\www.timestep.com