Ric Moore wrote:
> On Tue, 2008-08-26 at 18:55 -0400, Robert Moskowitz wrote:
>> Jeff Kinz wrote:
>>> On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
>>>> Is there an easy way or any way to establish a 128 bit encrypted tunnel
>>>> between a handful of CentOS 5.2 boxes?
>>>
>>> In addition to the rest of the good info others already posted for you,
>>> please remember that "128 bit encryption" doesn't mean anything
>>> unless you also specify the encryption scheme being used.
>>>
>>> A 128 bit encryption scheme may or may not be easily broken depending on
>>> which one it is. (Pick a good one!)
>>
>> Actually 'we' (crypto community) talk about crypto-suites, as you have
>> to look at all the pieces involved. If everything is not disclosed (like
>> with Skype), then you just don't know where the weakness may be.
>>
>> SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the
>> suites are too weak to talk about), and HIP are all well-rounded
>> security protocols. I have worked on all of them.
>
> Whatever happened to cipe?? Ric

Has it kept up with the known attacks? It predates a lot of work we did
in IETF on IPsec, for example. For example, I had to axe the implicit IV
mode for DES-CBC due to the Hamming distance attack. "But Schneier lists
counters as a valid method of generating IVs....". Sheesh, there is such
a thing as new attacks (even if they are old to the NSA) as being reasons
NOT to cite old texts.
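
The counter-IV concern raised in the reply above, shown as an added example that is not part of the original post: when CBC IVs come from a counter, successive IVs differ in only a few bits, and plaintext that differs in those same bits (here a packet sequence number) cancels the difference, so the first ciphertext block repeats. The 64-bit Feistel function is a constructed stand-in for DES, and the key, counter start and packets are constructed sample values.

```python
import hashlib
import os

BLOCK = 8  # 64-bit block, the same size as DES

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: hash truncated to half a block
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Constructed 4-round Feistel permutation; a stand-in for DES, not DES."""
    left, right = block[:4], block[4:]
    for i in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
        left, right = right, mixed
    return left + right

def cbc_first_block(key: bytes, iv: bytes, p1: bytes) -> bytes:
    # CBC feeds (IV XOR P1) into the cipher for the first block
    return toy_encrypt_block(key, bytes(a ^ b for a, b in zip(iv, p1)))

def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def demo() -> dict:
    key = b"constructed-key"
    # Constructed packets: first block is a sequence number 0..7
    packets = [n.to_bytes(BLOCK, "big") for n in range(8)]
    # Counter IVs starting at a constructed value 0x1000
    counter_ivs = [(0x1000 + n).to_bytes(BLOCK, "big") for n in range(8)]
    random_ivs = [os.urandom(BLOCK) for _ in range(8)]

    counter_ct = {cbc_first_block(key, iv, p) for iv, p in zip(counter_ivs, packets)}
    random_ct = {cbc_first_block(key, iv, p) for iv, p in zip(random_ivs, packets)}
    max_dist = max(hamming(a, b) for a, b in zip(counter_ivs, counter_ivs[1:]))
    return {
        "max_hamming_between_counter_ivs": max_dist,
        "distinct_first_blocks_counter_iv": len(counter_ct),
        "distinct_first_blocks_random_iv": len(random_ct),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With counter IVs all eight packets produce the same first ciphertext block, which an observer can see without the key; with random IVs the eight blocks are all different.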