VPN costs savings

Sandy Harris sandy at STORM.CA
Mon Jan 29 21:55:38 EST 2001


Chris Carlson wrote:
>
> A quick comment on Nick's note about encryption
> strength:
>
> Don't be pigeon-holed into U.S. VPN products.  There
> are many very good Canadian, European, Asian, or
> Australian VPN vendors that are limited by the U.S.
> Commerce Department export restriction.

Yes.

> The IDEA algorithm is 128-bit and Swiss developed (I
> think ASCOM holds the license),

Correct.

> and I think 256-bit CAST was developed by a Canadian
> company.

The PKI vendor Entrust, a Nortel spinoff. Some work was
done at Queens university, but the CAST-128 described in
RFC 2144, mentioned in some IPSEC RFCs, and used in some
products such as NAI/PGPs client, was done at Entrust.

CAST-256 is a related but different cipher. It was Entrust's
entry in the AES competition.

I'd say the obvious cipher to be looking at for the future
of IPSEC and other VPNs would be the AES winner, Rijndael.

http://www.esat.kuleuven.ac.be/~rijmen/rijndael/

That gives you 128, 192 or 256-bit keysizes, and 128-bit block size.
It won the US gov't contest to find a replacement for DES, against
quite a few strong candidates.

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list