[CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

Robert Moskowitz rgm at htt-consult.com
Sun Aug 31 13:55:42 UTC 2008


Ric Moore wrote:
> On Tue, 2008-08-26 at 18:55 -0400, Robert Moskowitz wrote:
>   
>> Jeff Kinz wrote:
>>     
>>> On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
>>>   
>>>       
>>>> Is there an easy way or anyway to establish a 128 bit encrypted tunnel 
>>>> between a handful of centos 5.2 boxes?
>>>>     
>>>>         
>>> In addition the rest of the good info others already posted for you,
>>> please remember that "128 bit encryption" doesn't mean anything 
>>> unless you also specify the encryption scheme being used.
>>>
>>> A 128 bit encryption scheme may or may not be easily broken depending on
>>> which one it is. (Pick a good!)
>>>       
>> Actually 'we' (crypto community) talk about crypto-suites, as you have 
>> to look at all the pieces involved. If everything is not disclosed (like 
>> with Skype), then you just don't know where the weakness may be.
>>
>> SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the 
>> suites are too weak to talk about), and HIP are all well-rounded 
>> security protocols. I have worked on all of them.
>>     
>
> Whatever happened to cipe?? Ric
Has it kept up with the known attacks?  It predates a lot of work we did 
in IETF on IPsec, for example.  For example I had to axe the implicite 
IV mode for DES-CBC due to the hamming distance attack.  "But schnier 
lists counters as a valid method of generating IVs....".  Sheesh, there 
is such a thing as new attacks (even if they are old to the NSA) as 
being reasons NOT to site old texts.




More information about the CentOS mailing list