Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] VPN


On Fri, 10 Nov 2000, James Morris wrote:

> Please keep in mind that single DES is not considered to be secure.
> 
> This is why Free/SWAN is shipped with single DES disabled.  The reason it
> can be hacked to use single DES so easily is because the same core code is
> required for triple DES.

Anyone looking at freeswan will have this opinion pointed out
forcefully.

If the point is to get people to use increased security, then this
is actually counter-productive.

By making freeswan difficult to install and use, people will actually 
gravitate to using a Windows client and be blissfully unaware of security
concerns.

Instead, if they had enabled DES and put lots of warning messages,
more people would use freeswan, and thus more people would become
aware of the security limitations of DES.

Many people have no influence over the choice of equipment they
are connecting to, no possibility of altering security policies
or practices.

For them, freeswan not having DES simply makes life harder to
avoid Windows.

Stay isolated and pure. Engage, explain and look at things from
other points of view and maybe the result will be better.

> If you've bought VPN products which only do single DES, you might as well 
> have bought boat anchors.  I'd certainly be extremely wary of any vendor 
> who has promoted these things as secure.
> 
> Please read:
> 
> http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/DES.html

Feel free to pass on.

Jamie