Hi Peter, On Tue, 2003-07-08 at 06:38, Peter Mueller wrote: > You have the right attitude, single-DES is crap.
You bet it is. I cracked a 1DES key with a banana smoothie in a whisker over 30 minutes last week. :) > However, ipsec.lrp does support single-DES. Are you sure about this? There's no mention of it anywhere, and the FreeS/WAN docs say that by default 1DES support is included for 3DES encryption, but unable to be used as a protocol in its own right - for obvious reasons. > Superfreeswan includes additional encyrption algorithm > patches which Jacques includes. > > RTM ;-) - http://leaf-project.org/devel/jnilo/bipack2.html > > 12.8. ipsec.lrp > This is the super-freeswan ipsec package. Refer to the Bering user's > guide for explanations. > Superfreeswan 1.99.6.2 is patched with the following patches: > NAT-Traversal, X509, ipsec_algs and port & protocols selector. Yes, I read that before posting to this list, and since none of those patches enable the use of 1DES, I asked the list for further clarification. > Current "Bering" version: 1.99.6.2 > > http://www.freeswan.ca/patches/ This lists the patches available, and I also went to this site before emailing the list. None of the 1DES patches seem to be applied (sensibly) to the LEAF ipsec.lrp package. > Hope that helps, Not really. The information you have given me basically says that 1DES is not able to be used as a protocol, whereas you are saying it is able to be used. So, your suggestion is refuted by the links you gave as a reference - actually muddying the issue, not clarifying it. :( - HiltonT > > Yes, I thought this would be the case. I'll have to look > > into this, but either way, a DES VPN is not secure, and I > > think I'll just tell the guys at the remote end that they > > have to supply a Linux box with DES support as I don't want > > to be held responsible for implementing such an insecure VPN > > solution. :) > > > > Regards, > > HiltonT > > > > On Sun, 2003-07-06 at 15:19, M Lu wrote: > > > Hi Hilton, > > > > > > Bering ipsec.lrp is actually Superfreeswan 1.99.6.2, and I > > > believe that FreeSWAN does not support single DES. > > > > > > M Lu. > > > > > > > > > >From: Hilton Travis <[EMAIL PROTECTED]> > > > >Reply-To: [EMAIL PROTECTED] > > > >To: [EMAIL PROTECTED] > > > >Subject: [leaf-user] ipsec.lrp - does it do plain old DES? > > > >Date: 06 Jul 2003 12:54:07 +1000 > > > > > > > >Hi All, > > > > > > > >Does the behring ipsec.lrp module handle the insecure DES > > > >protocol? I have a need for a DES-based Linux router for > > > >a short while, and if this works, then I'll use it. > > > >Unfortunately, the remote end cannot accept any secure > > > >IPSEC encryption protocols. :( ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html