>> The document claims this is because "IPSec is too complicated to be 
>> secure", and that "TSL is mature and battle-tested".
> 
> I like how they make this assertion, then later on say "you might need 
> the load balancing that IPsec does, but you can get that with OpenVPN by 
> running this other complicated program on a spare machine." It sounds 
> like a lot of the complication is stuff that OpenVPN basically leaves out.

Well, is that a protocol feature or a software feature?

> Plus, I'm not really sure how they're running TLS over UDP, given that 
> TLS is stream-oriented and assumes reliable delivery. It's also not real 
> obvious from their descriptions that it's possible to run a UDP protocol 
> over OpenVPN.

Hmm, that's a good point.

>> Also amusing is the statement "Blowfish is a very strong algorithm 
>> with no known weaknesses. Its 128-bit key provides us with a large 
>> enough key space to make brute force key attacks impossible in 
>> polynomial time." Erm... like... WTF?
> 
> Of course, it hasn't been tested as furiously as AES, either.

I was more amused by the statement that key size has any relationship to 
complexity class.

Blowfish is far more popular than, say, TEA or SQUARE or any number of 
other ciphers from the zoo of less-known algorithms out there. I note 
however that Blowfish has been "replaced" by Twofish which is meant to 
be stronger. (And AES finalist, I believe.)

A lot of people are apparently jumpy about the whole XSL attack thing on 
AES.


-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*

Post a reply to this message