SLUG Mailing List Archives
Re: [SLUG] VPN
- To: Jamie Honan <jhonan@xxxxxxxxxxxxxxxx>
- Subject: Re: [SLUG] VPN
- From: James Morris <jmorris@xxxxxxxxxxxxxxxx>
- Date: Fri Nov 10 09:17:19 2000
- Cc: slug@xxxxxxxxxxx, daron.barndon@xxxxxxxxxxxxxxx
On Fri, 10 Nov 2000, Jamie Honan wrote:
> * the stock standard freeswan won't do DES. This is only
> important because older equipment (i.e. the router at the other
> end you may have to work with) may not do the recommended 3DES.
> Cisco, for example, couldn't export 3DES till this year. (AFAIK).
> The patch to freeswan to do DES is around. (It is actually in there,
> you patch it to enable it).
Please keep in mind that single DES is not considered to be secure.
This is why FreeS/WAN is shipped with single DES disabled. The reason it
can be hacked to use single DES so easily is because the same core code is
required for triple DES.
If you've bought VPN products which only do single DES, you might as well
have bought boat anchors. I'd certainly be extremely wary of any vendor
who has promoted these things as secure.