I got that analysis from the new Openswan book. I forget the full title, something like Building and Securing VPNs with Openswan.

Wes

On Apr 4, 2008, at 9:19 AM, "David Burgess" <apt dot get at gmail dot com> wrote:

> http://en.wikipedia.org/wiki/Data_Encryption_Standard
>
> Wikipedia states that DH is safe if the keys are well chosen, but makes no
> mention of bit-length.
>
> db
>
> On 04/04/2008, Michael Brown <knightmb at knightmb dot dyndns dot org> wrote:
>>
>> A quick Google search didn't find anything to support the "it's not
>> secure" part, I would like to read more about it if you have a link to the
>> information.
>>
>> wmorgan at ffpir dot org wrote:
>>
>>> It looks like the other end of the connection is only offering to use
>>> DES encryption and a 768-bit DH group. This is _not_ secure, but some
>>> older hardware (notably Cisco) doesn't support anything better.
>>>
>>> I'd start by seeing if you can turn on 3DES or AES encryption and at
>>> least a 1024-bit DH (aka MODP) group on the other end for the phase 1
>>> negotiation.
>>> Wes
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch