Thanks for the info, it does state that a brute force attack is possible (well yeah, true for anything), so I think it still depends on someone choosing a better key than "12345" or "<Your Company Name Here>". :-)

It was a good read though, thanks!

David Burgess wrote:
> http://en.wikipedia.org/wiki/Data_Encryption_Standard
>
> Wikipedia states that DH is safe if the keys are well chosen, but makes no
> mention of bit-length.
>
> db
>
> On 04/04/2008, Michael Brown <knightmb at knightmb dot dyndns dot org> wrote:
>
>> A quick Google search didn't find anything to support the "it's not
>> secure" part, I would like to read more about it if you have a link to the
>> information.
>>
>> wmorgan at ffpir dot org wrote:
>>
>>> It looks like the other end of the connection is only offering to use
>>> DES encryption and a 768-bit DH group. This is _not_ secure, but some
>>> older hardware (notably Cisco) doesn't support anything better.
>>>
>>> I'd start by seeing if you can turn on 3DES or AES encryption and at
>>> least a 1024-bit DH (aka MODP) group on the other end for the phase 1
>>> negotiation.
>>> Wes
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch