 From:  "David Burgess" <apt dot get at gmail dot com>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] VPN - IPsec break down without changing anything
 Date:  Fri, 4 Apr 2008 08:19:26 -0700
http://en.wikipedia.org/wiki/Data_Encryption_Standard

Wikipedia states that DH is safe if the keys are well chosen, but makes no
mention of bit-length.

db

On 04/04/2008, Michael Brown <knightmb at knightmb dot dyndns dot org> wrote:
>
> A quick Google search didn't find anything to support the "it's not
> secure" part. I would like to read more about it if you have a link to the
> information.
>
> wmorgan at ffpir dot org wrote:
>
> > It looks like the other end of the connection is only offering to use
> > DES encryption and a 768-bit DH group. This is _not_ secure, but some
> > older hardware (notably Cisco) doesn't support anything better.
> >
> > I'd start by seeing if you can turn on 3DES or AES encryption and at
> > least a 1024-bit DH (aka MODP) group on the other end for the phase 1
> > negotiation.
> > Wes