[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 Security Last Call Initial Questions



Perry;

>I believe J.I. is monitoring this mailing list, so I'll let him speak
>for himself, but he figured out for me last year when he was playing
>with RC4 that 40 bit RC4 could be broken with the resources he had
>available at the CS department at Columbia in a few days. If you like,
>I'll try to make sure that he posts figures.

I am convinced.

>I'll point out that I consider anything that can be broken for under
>$1,000,000 to be completely unacceptable given my interests in the
>banking community, and DES already is dangerously weak in that regard
>-- I'd almost prefer standardizing on 3DES. 40 bits by my measure is a
complete joke.
>

I agree and $1 million would do it too.  Having done a stinch as
contractor for Banks in the early 80's and worked on CIRUS (very early
CIRUS) and ATMs (the teller machines), where are the banks going to use
ESP for the Internet? )---> thanks (ah a requirement I love them).  And
what are they doing now without ESP IPSP?

So even though I don't want ESP DES MUST I think as an individual I
would like a weak algorithm that can be broken less.

thanks
/jim