On Thu, 25 Sep 2003, Florian Weimer wrote: > On Thu, Sep 25, 2003 at 03:43:06AM +0200, Jake Appelbaum wrote: > > > After reading Gutmann's short but to the point email a few points that > > he made seemed obvious. Some of the flaws were not so obvious. CIPE > > seemed to have some very simple flaws and some of the fixes were easy to > > implement. > > The CRC flaw is not easy to correct. > > > I found a some of it delivered in such a manner that would upset people > > who were highly vested in the projects he was criticizing. Perhaps it was > > the comment that I also found to be so amusing, something to do with > > sound waves. Amusing as it may be, it's still quite harsh. > > Especially as some of the flaws (the replay attacks) are actually > documented in the manual. > > > I then read through the posts on Slashdot that declared CIPE to be > > dead. I found these to be really immature and silly considering the > > nature of F/OSS. > > Maybe it's not dead, but I'd rather not use security software which is > unmaintained. (Several people tried to reach Olaf and failed.)
FYI Around the same subject and about the Peter's paper : http://openvpn.sourceforge.net/ and a reply from Peter and the author about OpenVPN : http://sourceforge.net/mailarchive/forum.php?thread_id=3177601&forum_id=8453 http://sourceforge.net/mailarchive/message.php?msg_id=6123958 OpenVPN is free software and there is a port for WIN32 too... -- -- Alexandre Dulaunoy (adulau) -- http://www.foo.be/ -- http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD -- "Knowledge can create problems, it is not through ignorance -- that we can solve them" Isaac Asimov _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
