SLUG Mailing List Archives
Re: [SLUG] VPN
- To: James Morris <jmorris@xxxxxxxxxxxxxxxx>
- Subject: Re: [SLUG] VPN
- From: Jamie Honan <jhonan@xxxxxxxxxxxxxxxx>
- Date: Fri Nov 10 12:18:25 2000
- Cc: slug@xxxxxxxxxxx, daron.barndon@xxxxxxxxxxxxxxx
On Fri, 10 Nov 2000, James Morris wrote:
> Please keep in mind that single DES is not considered to be secure.
> This is why Free/SWAN is shipped with single DES disabled. The reason it
> can be hacked to use single DES so easily is because the same core code is
> required for triple DES.
Anyone looking at freeswan will have this opinion pointed out
If the point is to get people to use increased security, then this
is actually counter-productive.
By making freeswan difficult to install and use, people will actually
gravitate to using a Windows client and be blissfully unaware of security
Instead if they had enabled DES and put lots of warning messages,
more people would use freeswan, and thus more people would become
aware of the security limitations of DES.
Many people have no influence over the choice of equipment they
are connecting to, no possibility of altering security policies
For them, freeswan not having DES simply makes life harder to
Stay isolated and pure. Engage, explain and look at things from
other points of view and maybe the result will be better.
> If you've bought VPN products which only do single DES, you might as well
> have bought boat anchors. I'd certainly be extremely wary of any vendor
> who has promoted these things as secure.
> Please read:
Feel free to pass on.