  Re: Fun with cryptography  
From: Darren New
Date: 3 Jul 2008 12:35:24
Message: <486cffcc$1@news.povray.org>
Orchid XP v8 wrote:
>>> The document claims this is because "IPSec is too complicated to be 
>>> secure", and that "TLS is mature and battle-tested".
>>
>> I like how they make this assertion, then later on say "you might need 
>> the load balancing that IPsec does, but you can get that with OpenVPN 
>> by running this other complicated program on a spare machine." It 
>> sounds like a lot of the complication is stuff that OpenVPN basically 
>> leaves out.
> 
> Well, is that a protocol feature or a software feature?

I'm saying that they mock IPsec for solving problems *they* don't have, 
because it was "designed by a committee".  I suspect the people on the 
"committee" actually *did* have those problems, so incorporated 
solutions to them into the standard, instead of making everyone solve it 
themselves with ad hoc solutions consisting of interacting layers which 
could easily introduce a security hole if you don't know what you're doing.

> I was more amused by the statement that key size has any relationship to 
> complexity class.

Yes, I understood the WTF. :-) Of course, if it's running over TLS, you 
can put whatever cipher both sides agree on in there.

And actually, key size *can* have a relationship to complexity class, 
perhaps. If you can pre-compute something that lets you look up in 
polynomial time the key that someone is using, except that the key is 
too long to store the precomputed somethings for every key, I can see 
where that can happen. (Technically, the same complexity class, but in 
practice, you can break something in polynomial time if you discount the 
precomputation, perhaps.)

But yeah, the whole discussion was full of WTFs like that. Plus, they 
say basically "IPSec is too complicated to deploy, OpenVPN does the same 
thing only it's easy to deploy", without giving any evidence at all of 
either. Most of the paper is a description of SSL, and I'm pretty sure 
there aren't fundamental security problems with IPSec that aren't in SSL.

(And apparently the authors don't know the actual difference between 
SSL and TLS.  Hint: OpenVPN seems to use SSL.)

-- 
Darren New / San Diego, CA, USA (PST)
  Helpful housekeeping hints:
   Check your feather pillows for holes
    before putting them in the washing machine.

