What conceivable trade-offs could you have to make to get acceptable
performance out of symmetric crypto encrypted+authenticated tunnel?
All ciphers you should be using are like 50MB/sec on a 1Ghz machine!!

If you look at eg cebolla (more anonymity than VPN, but it's a nested
forward-secret VPN related thing) it's even possible to do pretty
immediate forward secrecy every second or something at minimal CPU
cost.  (I'll read the writeup but that trade-off argument sounds very


On Fri, Sep 26, 2003 at 12:12:03PM +0200, Guus Sliepen wrote:
> Hello Peter Gutmann and others,
> Because of its appearance on this mailing list and the Slashdot posting
> about "Linux's answer to MS-PPTP", and in the tinc users' interest, we
> have created a section about the current security issues in tinc, which
> currently contains a response to Peter Gutmann's writeup:
> http://tinc.nl.linux.org/security
> I want to emphasize for the cryptography community here that certain
> tradeoffs have been made between security and efficiency in tinc. So
> please read the response as "why we think we need to do/used to do it
> this way" instead of "why we think tinc is still as secure as anything
> else". Comments are welcome. 
> -- 
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <[EMAIL PROTECTED]>

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to