[CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes
Robert Moskowitz
rgm at htt-consult.com
Sun Aug 31 13:55:42 UTC 2008
Ric Moore wrote:
> On Tue, 2008-08-26 at 18:55 -0400, Robert Moskowitz wrote:
>
>> Jeff Kinz wrote:
>>
>>> On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
>>>
>>>
>>>> Is there an easy way or anyway to establish a 128 bit encrypted tunnel
>>>> between a handful of centos 5.2 boxes?
>>>>
>>>>
>>> In addition the rest of the good info others already posted for you,
>>> please remember that "128 bit encryption" doesn't mean anything
>>> unless you also specify the encryption scheme being used.
>>>
>>> A 128 bit encryption scheme may or may not be easily broken depending on
>>> which one it is. (Pick a good!)
>>>
>> Actually 'we' (crypto community) talk about crypto-suites, as you have
>> to look at all the pieces involved. If everything is not disclosed (like
>> with Skype), then you just don't know where the weakness may be.
>>
>> SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the
>> suites are too weak to talk about), and HIP are all well-rounded
>> security protocols. I have worked on all of them.
>>
>
> Whatever happened to cipe?? Ric
Has it kept up with the known attacks? It predates a lot of work we did
in IETF on IPsec, for example. For example I had to axe the implicite
IV mode for DES-CBC due to the hamming distance attack. "But schnier
lists counters as a valid method of generating IVs....". Sheesh, there
is such a thing as new attacks (even if they are old to the NSA) as
being reasons NOT to site old texts.
More information about the CentOS
mailing list