Is it true that as the key expands bit-wise, the factoring time increases at
a non-linear rate?
If SecureCRT doesn't support 3DES, what do they (or you) recommend? It
seems to me (I have a lot of seams) that where we are headed with all this
is Artificial Intelligence. And that would solve a lot of the
mis-configuration problems & forgetfullness that security admins seem to
exhibit at times. Since it seems nearly impossible to base security
strictly on rule dominated firewall technolgy.....even with stateful
inspection....even with IDS systems. Some bizarre combination of FW's, IDS,
& security policy implementation run by an AI system all out of one box,
with tentacles everywhere. Sorry, I might have gotten a little carried away
there, but you get the idea. AI would provide instant response with a
stateful AND thoughtful inspection.
I know, I know, us amateurs don't have any idea what's involved. :)
Remember the universe produces idiots faster than programmers can idiot
proof software. What are your thoughts on this?
Larry Paul
"Artificial Intelligence: the art of making computers that behave like the
ones in movies."
-Bill Bulko
*-----Original Message-----
*From: Martin [mailto:[EMAIL PROTECTED]]
*Sent: Wednesday, November 29, 2000 12:37 PM
*To: Larry Paul
*Cc: Ben Nagy; firewalls_list
*Subject: Re: Poly who?
*
*
*Larry Paul wrote:
*
*> A mono... a mona....a poly... never mind
*> I have heard that you can purchase commercially 4 kilobit encryption &
*> thought to myself that that sounded like overkill. On the other
*hand Bill
*> Gates himself said that "Nobody will ever need more than 640k of ram."
*> Wouldn't 4 kb take a gazillion years to decrypt?
*
*As usual, this is a misnomer. At our current level of technology (as far
*as you know) it would take a gazillion years to brute force decrypt it.
*However, since encryption is typically based on large primes and
*factoring them together, if someone comes up with a new way of doing
*that, or as Moore's law marches on, it gets easier. Of course, storage
*isn't keeping up with Moore, so that does tend to slow things down a
*bit, but then, that's what caching is for.
*
*Keep in mind that ssh used to support a 56 bit single-DES encryption
*scheme, which has actually been dropped (in favor of 3DES) from most ssh
*implementations (including the "official" ssh, and OpenSSH/OpenSSL, but
*not Cisco boxen and SecureCRT, which is what I use to admin my PIX) but
*they decided that that was too weak and vulnerable (If you have some
*nice hardware you can defeat it fairly rapidly) and actually stopped
*supporting it. While I disagree with actions like this (IE, protecting
*me from myself) it does underline the point that as time goes by, the
*need for stronger and stronger encryption to keep up with advances in
*technology becomes clear.
*
*
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
