[14298] in cryptography@c2.net mail archive


efficiency?? vs security with symmetric crypto? (Re: Tinc's response to "Linux's answer to MS-PPTP")

daemon@ATHENA.MIT.EDU (Adam Back)
Fri Sep 26 23:09:35 2003

X-Original-To: cryptography@metzdowd.com
Date: Fri, 26 Sep 2003 15:28:13 -0700
From: Adam Back <adam@cypherspace.org>
To: Guus Sliepen <guus@sliepen.eu.org>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>,
	cryptography@metzdowd.com
In-Reply-To: <20030926101203.GF715@sliepen.eu.org>

What conceivable trade-offs could you have to make to get acceptable
performance out of a symmetric crypto encrypted+authenticated tunnel?
All ciphers you should be using are like 50MB/sec on a 1GHz machine!!

If you look at e.g. cebolla (more anonymity than VPN, but it's a nested
forward-secret VPN related thing) it's even possible to do pretty
immediate forward secrecy every second or something at minimal CPU
cost.  (I'll read the writeup but that trade-off argument sounds very
wrong.)

Adam

On Fri, Sep 26, 2003 at 12:12:03PM +0200, Guus Sliepen wrote:
> Hello Peter Gutmann and others,
> 
> Because of its appearance on this mailing list and the Slashdot posting
> about "Linux's answer to MS-PPTP", and in the tinc users' interest, we
> have created a section about the current security issues in tinc, which
> currently contains a response to Peter Gutmann's writeup:
> 
> http://tinc.nl.linux.org/security
> 
> I want to emphasize for the cryptography community here that certain
> tradeoffs have been made between security and efficiency in tinc. So
> please read the response as "why we think we need to do/used to do it
> this way" instead of "why we think tinc is still as secure as anything
> else". Comments are welcome. 
> 
> -- 
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus@sliepen.eu.org>

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
