No, absolutely not.  There are mechanisms built into 3DES to prevent exactly
this.  To keep it simple (at the risk of oversimplifying it), it uses random
numbers in the encryption process to prevent the same data from producing
the same ciphertext.  So, send the same packet twice, get 2 different blocks
of ciphertext.  That way, if you knew the data and captured the ciphertext
before unencryption, you can't reverse engineer it.  Also, you can't keep
punching in different data at one end and reading the ciphertext on the wire
until you match the new ciphertext with previously captured ciphertext.

And on top of all that, a good VPN implementation will change encryption
keys every couple of MBs of data and/or every few minutes.  That way, keys
are only available for those types of attacks for short periods of time.

Don't forget, there is a lot more to a secure VPN than the strength of the
encryption algorithm.  :-)

Brownfox
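The "random numbers in the encryption process" that the reply describes correspond, in practice, to a per-packet initialization vector fed into a chained mode such as CBC. The following Go program is an added example, not code from this thread or from any VPN product: it encrypts the same two-block plaintext with 3DES in ECB mode (no IV) and then in CBC mode with a fresh random IV from crypto/rand, so the reader can see that ECB repeats identical blocks and is deterministic across calls, while CBC gives different ciphertext every time and still decrypts correctly. The 24-byte key and the plaintext are constructed values; rekeying after a volume or time threshold, also mentioned in the reply, is outside this example.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
)

// pad appends PKCS#7 padding so the length is a multiple of blockSize.
func pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad removes PKCS#7 padding, rejecting malformed trailers.
func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 {
		return nil, errors.New("empty input")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > len(b) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// encryptECB encrypts with 3DES in ECB mode: no IV, so equal plaintext
// blocks under the same key always yield equal ciphertext blocks.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key) // key must be 24 bytes
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	pt := pad(plaintext, bs)
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct, nil
}

// encryptCBC encrypts with 3DES-CBC under a fresh random IV and returns
// IV || ciphertext, the usual on-the-wire layout.
func encryptCBC(key, plaintext []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	iv := make([]byte, bs)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	pt := pad(plaintext, bs)
	out := make([]byte, bs+len(pt))
	copy(out, iv)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[bs:], pt)
	return out, nil
}

// decryptCBC reverses encryptCBC, reading the IV from the front of data.
func decryptCBC(key, data []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(data) < 2*bs || len(data)%bs != 0 {
		return nil, errors.New("ciphertext length invalid")
	}
	iv, ct := data[:bs], data[bs:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt)
}

func main() {
	key := []byte("0123456789abcdef01234567") // constructed 24-byte key
	pt := []byte("ABCDEFGHABCDEFGH")         // two identical 8-byte blocks
	e1, _ := encryptECB(key, pt)
	e2, _ := encryptECB(key, pt)
	fmt.Printf("ECB same across calls: %v, blocks 1 and 2 equal: %v\n",
		bytes.Equal(e1, e2), bytes.Equal(e1[:8], e1[8:16]))
	c1, _ := encryptCBC(key, pt)
	c2, _ := encryptCBC(key, pt)
	d, _ := decryptCBC(key, c1)
	fmt.Printf("CBC same across calls: %v, blocks 1 and 2 equal: %v, roundtrip ok: %v\n",
		bytes.Equal(c1, c2), bytes.Equal(c1[8:16], c1[16:24]), bytes.Equal(d, pt))
}
```

The check an auditor would run on a real VPN is the CBC property above: capture two encryptions of a known repeated payload and confirm the ciphertext blocks differ, which only holds when the IV is fresh and unpredictable for each packet.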


-----Original Message-----
From: Salman Siddiqui [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 02, 2002 1:08 PM
To: 'Security-Basics List'
Subject: RE: Has 3des been broken


VPNs pass a huge amount of data. A lot of that data is repetitive and
predictable.

Given these two factors and sheer volume of data given, it may be
possible to extrapolate the keys from crypto.

Any thoughts on this?

Salman
