[7113] in cryptography@c2.net mail archive


Re: Critics blast Windows 2000's quiet use of DES instead of 3DES

daemon@ATHENA.MIT.EDU (L. Sassaman)
Wed May 17 23:40:04 2000

Date: Wed, 17 May 2000 18:54:03 -0700 (PDT)
From: "L. Sassaman" <rabbi@quickie.net>
To: John Gilmore <gnu@toad.com>
Cc: Declan McCullagh <declan@well.com>, cryptography@c2.net
In-Reply-To: <200005170941.CAA28698@toad.com>
Message-ID: <Pine.LNX.4.21.QNWS_2.0005171846360.14724-100000@thetis.deor.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 17 May 2000, John Gilmore wrote:

> Declan, your story on Microsoft's IPSEC security missed the point.
> Or rather, buried it in paragraph 8!
> 
> ==> If you configure the machines to use 3DES, they will silently use DES.
> 
> That's the problem.
> 
> The Linux IPSEC software only supports 3DES.  It does not support DES.
> People complain about this periodically.  We don't care -- it prevents
> this sort of security problem from happening.  Microsoft didn't care
> about the actual security they provide their users ("Having at least
> some encryption is better than nothing" is wrong and dangerous,
> leading to a false sense of security when you are actually
> vulnerable).  The Linux group, freeswan.org, which I lead, has real
> security as its top priority.  There's no point in going to all the
> trouble to configure it, unless it actually delivers what it promises.

The same situation exists with PGPnet. 3DES and CAST are the only
permitted algorithms. DES is not an option.
 
> If a Microsoft user configures 3DES protection and tries to connect it
> to a Linux FreeS/WAN box, the negotiation will fail -- with at least the
> Linux side reporting that they couldn't agree.

Frankly, I can't understand why the IPsec protocol still allows DES. It
should require strong encryption. Having DES in a product these days makes
about as much sense as mandating the usage of ROT13.
 
> There have been allegations that NSA influenced Microsoft's encryption
> support (one reason that NSA could afford to relax export controls
> could be that they've already subverted the highest volume US
> products).  It's pretty well acknowledged that NSA did this to Crypto
> AG's hardware products decades ago, and has been reading the traffic
> of those who depended on those products.  An eavesdropper doesn't need
> to break the encryption if they can break the user interface and make
> it lie about whether it is really encrypting.

However, now that the export controls have been relaxed, Microsoft has no
reason not to use 3DES, and permit the user to refuse connections if the
other party can only negotiate DES. I hope they do the right thing.

__

L. Sassaman

System Administrator                |  "Everything must end; 
Technology Consultant               |   meanwhile we must 
icq.. 10735603                      |   amuse ourselves." 
pgp.. finger://ns.quickie.net/rabbi |             --Voltaire







-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5I01CPYrxsgmsCmoRAlVnAJ92Cn9nNPISa2m0NTOwEljqGxsCfwCgnUMp
UQ14Poan421RLgJRQOp2S9w=
=kOPX
-----END PGP SIGNATURE-----
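
Added example (not part of the original message, and not code from any product named in this thread): a simplified Python model of the behaviour discussed above, contrasting a negotiator that silently falls back to DES with one that fails closed, plus a post-negotiation policy check. The function names, the `supported` set and the fallback mechanism are assumptions for illustration; this is not real IKE.

```python
"""Simplified model of cipher negotiation; not real IKE, not vendor code."""


class NegotiationError(Exception):
    """Raised when no cipher acceptable to both sides can be agreed."""


def negotiate_lenient(policy, supported, peer_offer, fallback="DES"):
    """Silent-downgrade behaviour (assumed mechanism): if nothing in the
    administrator's policy is usable, substitute a weaker cipher and
    report success as if the policy had been honoured."""
    for cipher in policy:
        if cipher in supported and cipher in peer_offer:
            return cipher
    if fallback in supported and fallback in peer_offer:
        return fallback  # the administrator is never told
    raise NegotiationError("no common cipher")


def negotiate_strict(policy, supported, peer_offer):
    """Fail-closed behaviour: only ciphers named in the policy are eligible."""
    for cipher in policy:
        if cipher in supported and cipher in peer_offer:
            return cipher
    raise NegotiationError(
        f"policy {policy} not satisfiable; peer offered {sorted(peer_offer)}")


def audit(policy, negotiated):
    """Post-negotiation check: True only if the agreed cipher is in policy."""
    return negotiated in policy


# Constructed scenario: policy says 3DES, but the local build only ships DES.
POLICY = ["3DES"]
SUPPORTED = {"DES"}
PEER_OFFER = {"3DES", "DES"}   # a peer willing to accept either
PEER_3DES_ONLY = {"3DES"}      # a peer that refuses DES outright

if __name__ == "__main__":
    agreed = negotiate_lenient(POLICY, SUPPORTED, PEER_OFFER)
    print("lenient agreed on:", agreed, "| within policy:", audit(POLICY, agreed))
    for name, offer in (("either", PEER_OFFER), ("3DES-only", PEER_3DES_ONLY)):
        try:
            print("strict vs", name, "peer:", negotiate_strict(POLICY, SUPPORTED, offer))
        except NegotiationError as exc:
            print("strict vs", name, "peer: refused:", exc)
```

The `audit` check is the detection side: run against the cipher recorded for each established SA, it surfaces a downgrade even when the negotiator itself reported success.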


