[vpn] VPN - encryption

Christopher Gripp cgripp at axcelerant.com
Fri Nov 16 15:56:46 EST 2001


Hmm..  Can you name those sources that call it a HASH?  How about
starting at the root with the RFC.  It's # 2631 [
http://www.ietf.org/rfc/rfc2631.txt?number=2631 ] just in case you
haven't read it yet.  Hash functions and key exchange algorithms are 2
different animals.  I don't see how ANYONE could confuse the 2.




Christopher Gripp 
Systems Engineer 
Axcelerant

"Never tell people how to do things. Tell them what to do and they will
surprise you with their ingenuity."

-General George S. Patton

-----Original Message-----
From: Loki [mailto:loki at fatelabs.com]
Sent: Friday, November 16, 2001 12:57 PM
To: Christopher Gripp; vpn at securityfocus.com
Subject: Re: [vpn] VPN - encryption


:D Thanks, my cut and paste abilities are well seasoned :) Fjear
"emulate 3 button mouse in XWindows" :)

As for the additional word of "hashing" being used.. I think it's safe to
say that definitions are all relative to individual people. In many
discussions and also books, I've seen it referred to as "hashing with
Diffie-Hellman" or the "Diffie-Hellman Hash". Kind of interesting..

Loki
www.fatelabs.com

On Friday 16 November 2001 03:46 pm, Christopher Gripp wrote:

> I agree a VPN across the Internet without encryption is seriously
> flawed.
>
> I agree Diffie-Hellman is an algorithm.  Just not a HASHING algorithm.
> As for the explanation of how it works, not needed, but I appreciate
> your ability to cut and paste.
>
> Christopher Gripp
> Systems Engineer
> Axcelerant
>
> "Never tell people how to do things. Tell them what to do and they will
> surprise you with their ingenuity."
>
> -General George S. Patton
>
> -----Original Message-----
> From: Loki [mailto:loki at fatelabs.com]
> Sent: Friday, November 16, 2001 12:50 PM
> To: Christopher Gripp; vpn at securityfocus.com
> Subject: Re: [vpn] VPN - encryption
>
>
> Please accept this as constructive criticism rather than trying to start a
> thread war over relative definitions of what a "vpn" is. But I do not
> understand why someone would deploy a VPN without ensuring encryption of the
> data.
>
> Also, Diffie-Hellman is actually defined as an algorithm: I quote Bruce
> Schneier:
>
> "Diffie-Hellman is a fairly simple two-step key-exchange technique. Two
> parties each generate a random value and apply the first step in the
> Diffie-Hellman ___algorithm___. They exchange the results of these
> calculations and apply the second step calculation. This results in each side
> creating the same final value in a secure manner. The public values are g,
> the generator, and n, a prime value. The final result created by both parties
> is often referred to as Z. If you read the appendices in the WTLS specs you
> will find two entries with a predefined g and n for the WTLS Diffie-Hellman
> __algorithm___ implementations.
>
> From "Applied Cryptography" by Bruce Schneier:
>
> The math is simple. First, Alice and Bob agree on a large prime, n and g,
> such that g is primitive mod n. These two integers don't have to be secret;
> Alice and Bob can agree to them over some insecure channel. They can even be
> common among a group of users. It doesn't matter.
>
> Then, the protocol goes as follows:
>
> (1) Alice chooses a random large integer x and sends Bob
>
> X=(g**x) mod n
>
> (2) Bob chooses a random large integer y and sends Alice
>
> Y=(g**y) mod n
>
> (3) Alice computes
>
> Z=(Y**x) mod n
>
> (4) Bob computes
>
> Z'=(X**y) mod n
>
> On Friday 16 November 2001 03:36 pm, Christopher Gripp wrote:
> > Just a minor correction so as not to misinform anyone.  Diffie-Hellman is
> > NOT a hashing algorithm.  Diffie-Hellman is a key agreement algorithm
> > used by two parties to agree on a shared secret.
> >
> > MD5 and SHA1 are the 2 most common in use today.
> >
> > As for the statement that 'encryption is what makes a VPN'  Well... I
> > and others disagree but, you can have your opinion.
> >
> > Christopher Gripp
> > Systems Engineer
> > Axcelerant
> >
> > "Never tell people how to do things. Tell them what to do and they will
> > surprise you with their ingenuity."
> >
> > -General George S. Patton
> >
> > -----Original Message-----
> > From: Loki [mailto:loki at fatelabs.com]
> > Sent: Friday, November 16, 2001 11:20 AM
> > To: vpn at securityfocus.com
> > Subject: Re: [vpn] VPN - encryption
> >
> >
> >
> > Ranj,
> >
> > Heh, uhm emphasis on "a bit about" ;) ... The two don't contradict each
> > other, rather, encryption is what makes a Virtual Private Network. Based on
> > the definition: "A Virtual Private Network extends a local area network to a
> > remote location or traveling user through an encrypted tunnel. Utilizing
> > different protocols like IKE, hashing algorithms such as Diffie-Hellman, and
> > (3) Triple DES and/or single DES encryption, etc. you accomplish this
> > task.
> > So you can't exactly have a VPN without encryption :) I hope this helps to
> > clarify VPNs for you. If not, there are several good whitepapers at
> > (marketing plug here) www.fatelabs.com and vpnc.org :)
> >
> > Loki
> > www.fatelabs.com
> >
> > On Friday 16 November 2001 12:22 pm, Ranjbar Hassan wrote:
> > > Hi
> > > I've read a bit about VPN on different sites. My question is :
> > > What is the relation between VPN and encryption? Is it possible to
> > > have VPN without encryption? is encryption with VPN optional or a
> > > must?
> > >
> > > Best regards,
> > > Ranj
> > >
> > >
> > > VPN is sponsored by SecurityFocus.com

-- 
==============================================
Loki
Founder, Chief Research Scientist
Fate Research Labs
United States VPN Division
----------------------------------------------------------------
[w] http://www.fatelabs.com
[e] loki at fatelabs.com
[p] 412-303-3115
==============================================

VPN is sponsored by SecurityFocus.com
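
The four-step exchange quoted in the thread above, written out as an added example (not part of the original messages): it uses the quoted symbols g, n, x, y, X, Y, Z and Z', then hashes Z into key bytes to show where a hash function sits relative to the key agreement. The parameters n = 1019 and g = 2 are constructed toy values; the range check on the peer's value and the SHA-256 step are assumptions of this example, not the exact RFC 2631 construction.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use): N = 2*Q + 1 is a
# safe prime and G = 2 is primitive mod N.
N, Q, G = 1019, 509, 2

def is_primitive(g, n=N, q=Q):
    """For a safe prime n = 2q + 1, g is primitive iff its order is not 1, 2 or q."""
    return g % n not in (0, 1) and pow(g, 2, n) != 1 and pow(g, q, n) != 1

def keypair(g=G, n=N, q=Q):
    """Steps (1)/(2): pick a random private exponent, publish g**x mod n."""
    x = secrets.randbelow(q - 2) + 2           # private exponent in [2, q-1]
    return x, pow(g, x, n)

def check_public(value, n=N):
    """Reject degenerate peer values (0, 1, n-1) that would force a guessable Z."""
    if not 2 <= value <= n - 2:
        raise ValueError("peer public value out of range")
    return value

def shared_secret(peer_public, private, n=N):
    """Steps (3)/(4): Z = (peer_public ** private) mod n."""
    return pow(check_public(peer_public, n), private, n)

def derive_key(z, n=N):
    """Hash Z into key bytes (simplified; an assumption of this example)."""
    size = (n.bit_length() + 7) // 8
    return hashlib.sha256(z.to_bytes(size, "big")).digest()

def exchange():
    """Run both sides; only X and Y would cross the wire."""
    x, X = keypair()                            # Alice
    y, Y = keypair()                            # Bob
    z_alice = shared_secret(Y, x)               # Z
    z_bob = shared_secret(X, y)                 # Z'
    return z_alice, z_bob, derive_key(z_alice), derive_key(z_bob)

if __name__ == "__main__":
    za, zb, ka, kb = exchange()
    print("Z == Z':", za == zb, "| derived keys match:", ka == kb)
```

The hash here takes one input and produces a digest; the agreement on Z comes entirely from the modular exponentiation steps.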




