
Re: IPSEC WORKING GROUP LAST CALL



Regarding the 40-bit data masking issue...

The argument is being made that because US export laws make it hard
to export real encryption, the standard should specify a way to
export totally insecure data masking instead.

This seems misguided to me.  IPsec is about an international standard
for communicating securely.  It is not about providing political
support for one or another country's export regulations.

Despite claims that it's up to the customer whether they want to be
able to use this product in a secure or insecure mode, the fact is that
most customers won't know the difference.  As far as they're concerned,
if the product conforms to an IETF <security> standard then it must
provide some security.  If they sniff a packet and don't see their
natural language in it, they couldn't tell the difference between 3DES
and the Morris-Worm encryption method of XORing each byte with 0x81.
If your customers want Morris-Worm Encryption, should it go into an
RFC that has the IPsec seal of approval?  I submit that it shouldn't.

If we think back to the MUST algorithm decision, 56-bit DES was a
compromise:  it's really too short for serious security, and Michael
Wiener's recent update to his older DES-breaking paper only reinforces
this.

It's been argued that breaking 40-bit crypto requires a significant
amount of computational power.  This seems wrong on its face: the
RSA challenge was broken in about 3 hours by two different people,
each with only a few dozen standard workstations.  I don't know what
your threat model is, but mine includes companies with access to
more than a few dozen workstations.

And even if it <were> a smart thing to do, 40-bit DES would be a choice
because you have all the inefficiency of full 56-bit DES combined with
no security.

If this isn't going to be a security standard, we might as well pack
it in: if it's not worth doing, it's not worth doing right.

	Jim Gillogly (speaking for myself, if it needs to be said)
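
Added illustration, not part of the message above: the XOR-with-0x81 masking the message mentions, applied to a constructed sample payload. It shows that the masked bytes contain nothing a sniffer would render as text, yet the constant is recovered by trying all 256 values. The payload and the letter-and-space scoring heuristic are assumptions of this example.

```python
# Added example: single-byte XOR masking versus a 256-candidate search.
import string

MASK = 0x81  # per-byte XOR constant cited in the message
# Constructed sample payload (not from any real capture).
SAMPLE = b"Quarterly payroll totals attached; do not forward outside finance.\n"

PRINTABLE = set(string.printable.encode())
TEXT_BYTES = set(string.ascii_lowercase.encode()) | {0x20}


def xor_mask(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (masking and unmasking are identical)."""
    return bytes(b ^ key for b in data)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes a packet sniffer would render as readable ASCII."""
    return sum(b in PRINTABLE for b in data) / len(data)


def text_score(data: bytes) -> int:
    """Crude plaintext test (an assumption of this example): count lowercase letters and spaces."""
    return sum(b in TEXT_BYTES for b in data)


def recover_key(masked: bytes) -> int:
    """Try all 256 possible keys and keep the one whose output looks most like text."""
    return max(range(256), key=lambda k: text_score(xor_mask(masked, k)))


if __name__ == "__main__":
    wire = xor_mask(SAMPLE, MASK)
    print("on the wire:     ", wire[:16].hex(" "))
    print("printable ratio: ", printable_ratio(wire))
    key = recover_key(wire)
    print("recovered key:   ", hex(key))
    print("recovered text:  ", xor_mask(wire, key).decode().strip())
```

Because ASCII plaintext has the high bit clear, every masked byte has it set, which is why the capture looks opaque while offering no confidentiality.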