3 DES Encryption

Tina Bird tbird at PRECISION-GUESSWORK.COM
Thu Jan 6 19:05:01 EST 2000


On an IPSec-based device, the lifetime of session keys is
one of the parameters that you can configure.  If it's not
IPSec, then it depends on the vendor -- what you want to
look for is something called, oh, "session key lifetime"
or "key tumbling" frequency.

You also need to consider how the session keys themselves
are generated.  For the highest security, you want to use
a generation algorithm, such as Diffie Hellman, that
provides "perfect forward secrecy" -- new keys are generated
without any correlation to past or future keys.  A lot of
key generation mechanisms (MPPE leaps to mind, but there
are others) create session keys out of known
perturbations of old keys.  In that scenario, someone who
compromises a session key gets everything.

On Tue, 4 Jan 2000, Jeffery Eric Contr 95 CS wrote:

> Date: Tue, 4 Jan 2000 10:54:45 -0800
> From: Jeffery Eric Contr 95 CS <eric.jeffery at EDWARDS.AF.MIL>
> To: VPN at SECURITYFOCUS.COM
> Subject: 3 DES Encryption
>
> My VPN Device uses 168-bit 3 DES Encryption and HMAC-MD5 for Authentication.
>
> Question- are all packets encrypted with the same key or do they change with
> each packet?  Basically, I want to know if someone broke the encryption key
> would they have access to all data or just that one (or few) packet(s)?
>
> Eric Jeffery, MCSE
> Network Systems Analyst
> TYBRIN Corp.
>
> VPN is sponsored by SecurityFocus.COM
>

"Doubt is an uncomfortable situation, but certainty is an
absurd one." -- Voltaire
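
Added example (not part of the original message): a Python sketch contrasting the two rekeying approaches the reply describes, session keys derived as a known function of the previous key versus keys taken from a fresh Diffie-Hellman exchange at every rekey. The hash-chain rule, the toy group P and G, and all function names are assumptions made for illustration; this is not MPPE's or IKE's actual derivation.

```python
import hashlib
import secrets

# Toy DH group (assumption, illustration only): 2**127 - 1 is prime but far
# too small for real use; real devices use standardized, much larger groups.
P = 2**127 - 1
G = 3

def chained_keys(initial_key, count):
    """Rekey by applying a fixed, publicly known function to the previous key."""
    keys = [initial_key]
    for _ in range(count - 1):
        keys.append(hashlib.sha256(b"rekey" + keys[-1]).digest())
    return keys

def dh_session_key():
    """One rekey: both peers use fresh ephemeral exponents, then discard them."""
    a = secrets.randbelow(P - 3) + 2      # initiator's ephemeral secret
    b = secrets.randbelow(P - 3) + 2      # responder's ephemeral secret
    shared_i = pow(pow(G, b, P), a, P)    # initiator computes (g^b)^a
    shared_r = pow(pow(G, a, P), b, P)    # responder computes (g^a)^b
    assert shared_i == shared_r
    return hashlib.sha256(shared_i.to_bytes(16, "big")).digest()

def pfs_keys(count):
    """Every session key comes from an independent DH exchange."""
    return [dh_session_key() for _ in range(count)]

def keys_exposed(keys, leaked_index):
    """Indices recoverable from keys[leaked_index] by replaying the public rekey rule."""
    exposed = [leaked_index]
    guess = keys[leaked_index]
    for i in range(leaked_index + 1, len(keys)):
        guess = hashlib.sha256(b"rekey" + guess).digest()
        if guess != keys[i]:
            break                         # derivation no longer matches: stop
        exposed.append(i)
    return exposed

if __name__ == "__main__":
    chain = chained_keys(secrets.token_bytes(32), 5)
    fresh = pfs_keys(5)
    print("chained keys, key 1 leaked ->", keys_exposed(chain, 1))
    print("fresh DH keys, key 1 leaked ->", keys_exposed(fresh, 1))
```

Because the chain used here is one-way, a leaked key exposes every later key; a reversible perturbation would expose earlier keys as well.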
