Re: crypto networking code

Alan Cox (alan@lxorguk.ukuu.org.uk)
Wed, 13 Nov 1996 21:42:56 +0000 (GMT)


> Don't kid yourself thinking that any level of encryption will stop hackers
> for long. Unless you're dealing with an unbelievable level of encryption, you
> always risk that a hacker can figure out how to break the code. And if you
> decide to go with very high levels of encryption, you run into the resource
> problem of encryption.

You are making some assumptions that are perhaps inappropriate here.

Firstly most network data that would be sent encrypted has a limited value
lifetime. If you change the root password monthly then snooping it and
cracking the session key in over a month is a loss. If it's combined with
a one time pad password you've got to do realtime decoding.

Crypto also allows you to protect control information between hosts. Even
if I am sending plain text for all to see (e.g. public web pages) I gain
by making it hard for a third party to send bogus ICMP frames, stupid TCP
fragments and generally to be a nuisance.

The issue of long term valuable data is another much more complex issue.

Finally the crypto protocols used for the internet IP-AH IP-ESP protocols
are changeable. The designers were well aware that crypto is a fast changing
area.

Alan
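
An added illustration, not part of the original message: a simplified, AH-style integrity check showing how a keyed checksum lets a receiver drop control messages forged by a third party, with the algorithm chosen per security association so it can be swapped. The SPI values, keys, HMAC construction and packet layout are assumptions made for the example, not the IP-AH wire format.

```python
import hashlib
import hmac
import struct

# Constructed security associations: SPI -> (hash algorithm, shared key).
# Choosing the algorithm per SA models a transform that can be replaced later.
SAS = {
    0x1001: ("sha1", b"constructed-key-for-old-sa"),
    0x1002: ("sha256", b"constructed-key-for-new-sa"),
}

def protect(spi, seq, payload):
    """Sender: prepend SPI and sequence number, append the keyed ICV."""
    alg, key = SAS[spi]
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, alg).digest()

def verify(packet, last_seq):
    """Receiver: return (payload, seq) if authentic and fresh, else None."""
    if len(packet) < 8:
        return None
    spi, seq = struct.unpack("!II", packet[:8])
    sa = SAS.get(spi)
    if sa is None:                      # no SA for this SPI: drop
        return None
    alg, key = sa
    icv_len = hashlib.new(alg).digest_size
    if len(packet) < 8 + icv_len:
        return None
    body, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(key, body, alg).digest()
    if not hmac.compare_digest(expected, icv):   # forged or modified
        return None
    if seq <= last_seq.get(spi, 0):              # replayed or stale
        return None
    last_seq[spi] = seq
    return body[8:], seq

if __name__ == "__main__":
    seen = {}
    msg = b"ICMP redirect (constructed sample)"
    print(verify(protect(0x1002, 1, msg), seen))            # accepted
    print(verify(protect(0x1002, 2, msg)[:-32] + bytes(32), seen))  # dropped
```

The payload stays readable on the wire; only someone holding the SA key can produce a packet the receiver will act on.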