At 10:03 AM 5/18/00 -0400, Paul Kierstead wrote:
>OK, so I want to prevent some regular, every-day hackers from picking up my
>traffic. Or I just want reasonable protection for my passwords in Telnet or
>FTP. You are saying that some guy in his basement can break DES?
There's a lot of spare cycles *not* being used to comb RF for aliens...
If you're only worried about the bored sysop with grep and five minutes to
spare, use rot13 -and you can do this at OC192+ no prob :-)
>I'm inclined to use 3-DES since
>the performance hit doesn't make much diff to my DSL-lite line
DES was designed for hardware. Its slow in software. 3 DES is thrice
as bad. Modern ciphers are faster, and well supported by modern CPUs
(IDEA was designed for CPUs with 16-bit multipliers; Blowfish for CPUs with
4 kby cache).
The *only* reason for using DES (or 3DES) is legacy systems, ie, backwards
interop. IPSec stacks (like *all* crypto things) should come with, and
negotiate to use, better crypto when they can. Which should be most of the
time, given how new both sides of most links will be. (Most of the
computers ever built are alive today..)
I suppose it doesn't really matter what alg you use, as long as you're not
using your CPU for much else, and you're only driving a slow line. That
situation, especially the latter, won't last.
Steam engines are fine for railroads, not so great for cars, and
useless for airplanes. DES is a steam engine.
>I am not excusing MS; their flaw was misleading the user.
Bingo.
Problem is, this is a very serious fraud; its not just a typical
MS lie ("WinNT server is *much* different from NT workstation")
but something that has real implications for the people who need
it most... MS has a real strong reputation for designing in convenience
over security...
--------
If software were buildings, the first woodpecker to come along would
knock down civilization.
If MS-software were locks, the first lockpicker to come along
would pass through like a ghost.
