On Sun, 26 Nov 2000, Kenneth E. Lussier wrote:
> I have used FreeS/WAN extensively.
[...snip...]
Well, that is a pretty fair and informative evaluation. Thanks.
> Usually when people talk about it being unstable, it is because it is not
> an easy configuration to get your hands around ...
That seems to be an intrinsic part of every IPsec implementation I've looked
at. :-)
>> Also: Anyone have experience connecting a Windows client with a dynamic IP
>> to a Linux-based FreeS/WAN host?
>
> Can't be done.
That is what I was afraid of. Oh well. :-(
>>> [PoPToP] can use 128-bit rc4 encryption (not all that great, but OK)
>>
>> Ummm, I believe conventional wisdom says that with modern algorithms,
>> session encryption keys longer than 100 bits or so is just a waste of
>> resources. In fact, I just checked, and the FreeS/WAN website makes
>> reference to this.
>
> I wasn't referring to the key length, here, I was referring to rc4.
Oh, sorry. I still had the 4096-bit length from your previous message in
mind, and read too much into that statement. My bad.
> rc4 is considered to be one of the weaker algorithms out there as
> compared to 3DES, Blowfish, twofish, etc.
I'm not exactly an expert, but I thought RC4 was still considered "good
enough" for "average" use?
> Now, this doesn't make the box insecure, but under heavier traffic, it
> could become unstable.
A very good point. Availability is an often-overlooked part of security.
> I disagree. There are no remote *OR* local exploits for an abacus ;-)
Not true. An abacus has absolutely no local security at all. All data is
world readable and writable, and a devastating denial-of-service attack can be
accomplished just with some chewing gum. You can't beat it for protection
against remote attacks, though. ;-)
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839