On Wed, 2002-06-19 at 16:53, Edmund Cramp wrote:
> > At 02:09 PM 6/18/2002 -0500, you wrote:
> > >Just offhand I'd say that didn't sound too bad ... if the security is to
> > >be any good it *ought* to require a bit of cpu time. Basically it's a
> >
> > Why do you think that?
> >
> > Regards, Dustin
>
> Just a gut feeling Dustin, if it's very easy (i.e. quick) to encrypt
> then it will probably be relatively easy to decrypt by a brute force
> attack.
>
> Plus the encrypt/decrypt is being run at both ends of the pipe so
> there's a possibility that we encrypt a packet and transmit it, and then
> wait until the other end has decrypted and ACK'd it before sending the
> next packet ... depending on how the VPN is written and buffer size etc.

I am not sure, but I would think that there has to be an ACK before the
next packet.

> Is the VPN encrypting the packet contents or the complete packet? I
> would expect that the latter would be slower but has the advantage of
> hiding the traffic information.
>

In my case (as well as I understand IPSec) I am only doing "esp" and not
"ah" (Authenticated Headers) which means that only the payload is
encrypted. However since I am going from an internal network to public
IP space and to an internal network, there has to be some wrapping of
the packet in there also. So if I am correct this is what is happening:

() is unencrypted
[] is encrypted

(header-payload)->(header(header-payload))->(header[header(header-payload))])
10.x.x.x          intern. interface 10.x.x.x  external interface 130.x.x.x

and then reverse when it reaches the other gateway. Seems like that
would add some latency! Can anyone agree or disagree with (and/or
enlighten) me on this?

> I'm just an interested observer here - not a VPN expert at all...
> although I'm tempted to give WalMart a call and see if I can order a VPN
> <grin>
>
> --
> Edmund Cramp
> http://www.emgsrus.com/graffiti.htm

--
Shannon Roddy
__________________________________________________________________
Systems Administrator          California Institute of Technology
[EMAIL PROTECTED]              LIGO Livingston Observatory
ph: (225)686-3106              19100 LIGO Lane
fx: (225)686-7189              Livingston, LA 70754
Web Page                       http://www.ligo-la.caltech.edu/~sroddy
Calendar/Schedule              See Home Page
Wireless Email (255 Chars)     [EMAIL PROTECTED]
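
The wrapping asked about in the message above, as an added example that is not part of the original post: a Python sketch of the byte layout of one IPv4 packet carried between two gateways in ESP tunnel mode (RFC 2406). It assumes ESP authentication is enabled, 3DES-CBC (8-byte block and IV), HMAC-SHA1-96 (12-byte ICV) and IPv4 headers without options; none of these parameters, nor the function names, come from the thread.

```python
# Added example: byte layout of one IPv4 packet in ESP tunnel mode (RFC 2406).
# Cipher and integrity parameters are assumptions, not taken from the thread.

IPV4_HEADER = 20      # IPv4 header without options
ESP_HEADER = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2       # pad length (1 byte) + next header (1 byte)


def esp_tunnel_layout(inner_len, block=8, iv=8, icv=12):
    """Return (field, size, protection) tuples for one tunnelled packet.

    inner_len: whole inner packet (its 10.x.x.x header plus payload).
    block, iv: cipher block and IV sizes (assumed 3DES-CBC: 8 and 8).
    icv:       integrity check value size (assumed HMAC-SHA1-96: 12).
    """
    if inner_len < IPV4_HEADER:
        raise ValueError("inner packet is shorter than an IPv4 header")
    # The encrypted region (inner packet + padding + 2-byte trailer) must be
    # a whole number of cipher blocks.
    pad = -(inner_len + ESP_TRAILER) % block
    # The ICV covers the ESP header, the IV and the encrypted region; the
    # outer IP header is not covered by ESP at all.
    return [
        ("outer IP header (gateway addresses)", IPV4_HEADER, "clear"),
        ("ESP header (SPI, sequence number)", ESP_HEADER, "clear"),
        ("IV", iv, "clear"),
        ("inner IP header (10.x.x.x addresses)", IPV4_HEADER, "encrypted"),
        ("inner payload", inner_len - IPV4_HEADER, "encrypted"),
        ("ESP padding", pad, "encrypted"),
        ("ESP trailer (pad length, next header)", ESP_TRAILER, "encrypted"),
        ("ESP ICV", icv, "clear"),
    ]


def overhead(inner_len, **params):
    """Bytes the tunnel adds on the wire for one inner packet."""
    layout = esp_tunnel_layout(inner_len, **params)
    return sum(size for _, size, _ in layout) - inner_len


if __name__ == "__main__":
    for inner in (46, 576, 1400):   # constructed sample packet sizes
        print(f"inner {inner:5d} bytes -> +{overhead(inner)} bytes on the wire")
    for field, size, protection in esp_tunnel_layout(576):
        print(f"{size:5d}  {protection:10s} {field}")
```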
