[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using blowfish keys with ipsec?

To: jolan <jolan@enteract.com>
Subject: Re: Using blowfish keys with ipsec?
From: Gunnar Wolf <gwolf@campus.iztacala.unam.mx>
Date: Tue, 25 Jun 2002 22:58:59 -0500 (CDT)
Cc: Joe Kellner <jdk@i.dynodns.net>, <misc@openbsd.org>

> also, 3des was championed by the nsa who are notorious for scary
> espionage tactics.
>
> blowfish is faster (like gunnar said, lighter) and more flexible as it
> allows for a variable key size.
>
> since you're just talking about key generation, it's not going to make
> much difference.

Right, at creation time there is not much worth considering on an
encryption scheme over another - Anyway, I would be more than willing to
wait a bit longer for generating a key if it would provide noticeably
better performance and/or security... But anyway, if you go with 3DES,
your VPN can become slower more easily.

...And yes, I agree with the lack of trust for the NSA :) Although 3DES
has been mathematically proven... I prefer not using it more as a boycott
than as a trust issue.

-- 
Gunnar Wolf - gwolf@campus.iztacala.unam.mx - (+52-55)5623-1118
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

References:
- Re: Using blowfish keys with ipsec?
  - From: jolan <jolan@enteract.com>

Prev by Date: Re: privsep checking
Next by Date: Re: Upcoming OpenSSH vulnerability
Prev by thread: Re: Using blowfish keys with ipsec?
Next by thread: openssh 3.3p on OpenBSD 3.0+errata
Index(es):
- Date
- Thread