Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-31 Thread Ric Moore

On Tue, 2008-08-26 at 18:55 -0400, Robert Moskowitz wrote:
> Jeff Kinz wrote:
> > On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
> > > Is there an easy way or any way to establish a 128 bit encrypted tunnel
> > > between a handful of centos 5.2 boxes?
> >
> > In addition to the rest of the good info others already posted for you,
> > please remember that 128 bit encryption doesn't mean anything
> > unless you also specify the encryption scheme being used.
> >
> > A 128 bit encryption scheme may or may not be easily broken depending on
> > which one it is. (Pick a good one!)
>
> Actually 'we' (crypto community) talk about crypto-suites, as you have
> to look at all the pieces involved. If everything is not disclosed (like
> with Skype), then you just don't know where the weakness may be.
>
> SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the
> suites are too weak to talk about), and HIP are all well-rounded
> security protocols. I have worked on all of them.

Whatever happened to cipe?? Ric


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-31 Thread Robert Moskowitz

Ric Moore wrote:
> On Tue, 2008-08-26 at 18:55 -0400, Robert Moskowitz wrote:
> > Jeff Kinz wrote:
> > > On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
> > > > Is there an easy way or any way to establish a 128 bit encrypted tunnel
> > > > between a handful of centos 5.2 boxes?
> > >
> > > In addition to the rest of the good info others already posted for you,
> > > please remember that 128 bit encryption doesn't mean anything
> > > unless you also specify the encryption scheme being used.
> > >
> > > A 128 bit encryption scheme may or may not be easily broken depending on
> > > which one it is. (Pick a good one!)
> >
> > Actually 'we' (crypto community) talk about crypto-suites, as you have
> > to look at all the pieces involved. If everything is not disclosed (like
> > with Skype), then you just don't know where the weakness may be.
> >
> > SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the
> > suites are too weak to talk about), and HIP are all well-rounded
> > security protocols. I have worked on all of them.
>
> Whatever happened to cipe?? Ric

Has it kept up with the known attacks?  It predates a lot of work we did
in IETF on IPsec, for example.  For example I had to axe the implicit
IV mode for DES-CBC due to the Hamming distance attack.  But Schneier
lists counters as a valid method of generating IVs.  Sheesh, there
is such a thing as new attacks (even if they are old to the NSA) as
being reasons NOT to cite old texts.





Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-27 Thread Rob Townley
On Tue, Aug 26, 2008 at 5:55 PM, Robert Moskowitz [EMAIL PROTECTED] wrote:

> Jeff Kinz wrote:
> > On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
> > > Is there an easy way or any way to establish a 128 bit encrypted tunnel
> > > between a handful of centos 5.2 boxes?
> >
> > In addition to the rest of the good info others already posted for you,
> > please remember that 128 bit encryption doesn't mean anything unless you
> > also specify the encryption scheme being used.
> >
> > A 128 bit encryption scheme may or may not be easily broken depending on
> > which one it is. (Pick a good one!)
>
> Actually 'we' (crypto community) talk about crypto-suites, as you have to
> look at all the pieces involved. If everything is not disclosed (like with
> Skype), then you just don't know where the weakness may be.
>
> SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the suites
> are too weak to talk about), and HIP are all well-rounded security
> protocols. I have worked on all of them.

I would look into the HIP stuff.  But also look at the Hamachi-like
solutions such as EOIP - Ethernet Over IP (built into dd-wrt) and tinc-vpn.


[CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-26 Thread Jerry Geis
Is there an easy way or any way to establish a 128 bit encrypted tunnel
between a handful of centos 5.2 boxes?


I am not familiar with this at all.

Jerry


Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-26 Thread Frank Cox
On Tue, 26 Aug 2008 16:04:21 -0400
Jerry Geis [EMAIL PROTECTED] wrote:

> Is there an easy way or any way to establish a 128 bit encrypted tunnel
> between a handful of centos 5.2 boxes?

ssh

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com


Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-26 Thread John R Pierce

Jerry Geis wrote:
> Is there an easy way or any way to establish a 128 bit encrypted tunnel
> between a handful of centos 5.2 boxes?
>
> I am not familiar with this at all.

either ssh tunnels, or for more flexibility, you might look into OpenVPN
which supports routed or bridged virtual networks over an SSL socket.

with a 'handful', you'll need to determine what topology you want, most
VPNs are built in a 'star' fashion where 1 central server acts as the
VPN router and all other systems connect to it.   you COULD do a fully
meshed topology, this would just require creating more tunnels and
routes (for instance, with 6 hosts, a star would require 5 tunnels,
while fully meshed would be 15 tunnels).





Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-26 Thread Ralph Angenendt
Frank Cox wrote:
> On Tue, 26 Aug 2008 16:04:21 -0400
> Jerry Geis [EMAIL PROTECTED] wrote:
>
> > Is there an easy way or any way to establish a 128 bit encrypted tunnel
> > between a handful of centos 5.2 boxes?
>
> ssh

Or openvpn.

Both available with more than 128 bits (but that really depends on the crypto 
system which is used).

Ralph



Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-26 Thread Florin Andrei

Jerry Geis wrote:
> Is there an easy way or any way to establish a 128 bit encrypted tunnel
> between a handful of centos 5.2 boxes?
>
> I am not familiar with this at all.


If you just need to forward a port or two, ssh is probably fine.

If you need true IP-to-IP connectivity, that's called VPN. There are a 
few different VPN solutions - probably the easiest complete one is OpenVPN.


Enable the EPEL repository:

http://fedoraproject.org/wiki/EPEL/FAQ#howtouse

Then do yum install openvpn

Plenty of documentation here:

http://openvpn.net/

There are also IPSec-based VPN solutions, but they are more complex.

--
Florin Andrei

http://florin.myip.org/


Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-26 Thread Jeff Kinz
On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
> Is there an easy way or any way to establish a 128 bit encrypted tunnel
> between a handful of centos 5.2 boxes?

In addition to the rest of the good info others already posted for you,
please remember that 128 bit encryption doesn't mean anything
unless you also specify the encryption scheme being used.

A 128 bit encryption scheme may or may not be easily broken depending on
which one it is. (Pick a good one!)

Jeff Kinz
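
The point made in this message, together with Robert Moskowitz's remarks elsewhere in the thread about crypto-suites and the 'Null' cipher, shown as an added example that is not part of any poster's message: a Python check over a listing in the style of `openssl ciphers -v` output. The sample lines are constructed, and the policy values `BROKEN_ALGS` and `MIN_KEY_BITS` are assumptions of this example.

```python
import re

# Constructed sample in the style of `openssl ciphers -v` output (not captured
# from a real host). Columns: suite, protocol, key exchange, auth, cipher, MAC.
SAMPLE = """\
AES128-SHA      SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-MD5         SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
ADH-AES128-SHA  SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
DES-CBC-SHA     SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5     SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5 export
NULL-SHA        SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
"""

# Assumed policy for this example, not a list taken from the thread.
BROKEN_ALGS = {"RC4", "DES", "RC2"}
MIN_KEY_BITS = 128

def parse_suite(line):
    """Split one listing line into the pieces that decide its strength."""
    fields = line.split()
    attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    enc = re.fullmatch(r"([^()]+)\((\d+)\)", attrs.get("Enc", ""))
    return {"name": fields[0], "auth": attrs.get("Au"),
            "export": "export" in fields[2:],
            "alg": enc.group(1) if enc else None,   # None: Enc=None (NULL)
            "bits": int(enc.group(2)) if enc else 0}

def findings(suite):
    """Return the reasons a suite should be refused; empty list means keep."""
    out = []
    if suite["alg"] is None:
        out.append("NULL cipher: no encryption")
    elif suite["alg"] in BROKEN_ALGS:
        out.append("broken algorithm: " + suite["alg"])
    if suite["alg"] is not None and suite["bits"] < MIN_KEY_BITS:
        out.append("key too short: %d bits" % suite["bits"])
    if suite["auth"] == "None":
        out.append("anonymous key exchange: no peer authentication")
    if suite["export"]:
        out.append("export-grade suite")
    return out

def audit(listing):
    """Map suite name -> findings for every non-blank line of a listing."""
    suites = (parse_suite(l) for l in listing.splitlines() if l.strip())
    return {s["name"]: findings(s) for s in suites}

if __name__ == "__main__":
    print("\n".join("%-15s %s" % (n, "; ".join(w) or "ok") for n, w in audit(SAMPLE).items()))
```

Three of the sample suites advertise 128 bits; only one of them passes, which is the reason to look at the whole suite rather than the key length.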


Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-26 Thread Robert Moskowitz

Jerry Geis wrote:
> Is there an easy way or any way to establish a 128 bit encrypted tunnel
> between a handful of centos 5.2 boxes?
>
> I am not familiar with this at all.

The newest 'player' in this is HIP.

Code and docs at http://infrahip.hiit.fi/.

But HIP is NOT tunneling in the 'classic' IPnIP sense. It does not do 
port mapping like SSH. But it does mobility and multihoming that they do 
not do.


