[vpn] VPN - encryption

Loki loki at fatelabs.com
Fri Nov 16 16:18:18 EST 2001


BTW:
Diffie-Hellman is USED in Key Exchange, but IS a hashing algorithm.. Just like 
MD5 can be USED in Key Exchange, but is a hashing algorithm, and not a method 
of key exchange.. That's what IKE is for.. MD5/DH are used IN IKE

End of thread




On Friday 16 November 2001 03:56 pm, Christopher Gripp wrote:
> Hmm..  Can you name those sources that call it a HASH?  How about
> starting at the root with the RFC.  It's # 2631 [
> http://www.ietf.org/rfc/rfc2631.txt?number=2631 ] just in case you
> haven't read it yet.  Hash functions and Key Exchange algorithms are 2
> different animals.  I don't see how ANYONE could confuse the 2.
>
>
>
>
> Christopher Gripp
> Systems Engineer
> Axcelerant
>
> "Never tell people how to do things. Tell them what to do and they will
> surprise you with their ingenuity."
>
> -General George S. Patton
>
> -----Original Message-----
> From: Loki [mailto:loki at fatelabs.com]
> Sent: Friday, November 16, 2001 12:57 PM
> To: Christopher Gripp; vpn at securityfocus.com
> Subject: Re: [vpn] VPN - encryption
>
> :D Thanks, my cut and paste abilities are well seasoned :) Fjear
>
> "emulate 3 button mouse in XWindows" :)
>
> As for the additional word of "hashing" being used.. I think it's safe to say
> that definitions are all relative to individual people. In many discussions
> and also books, I've seen it referred to as "hashing with Diffie-Hellman" or
> the "Diffie-Hellman Hash". Kind of interesting..
>
> Loki
> www.fatelabs.com
>
> On Friday 16 November 2001 03:46 pm, Christopher Gripp wrote:
> > I agree a VPN across the Internet without encryption is seriously flawed.
> >
> > I agree Diffie-Hellman is an algorithm.  Just not a HASHING algorithm.
> > As for the explanation of how it works, not needed, but I appreciate
> > your ability to cut and paste.
> >
> >
> >
> >
> > Christopher Gripp
> > Systems Engineer
> > Axcelerant
> >
> > "Never tell people how to do things. Tell them what to do and they will
> > surprise you with their ingenuity."
> >
> > -General George S. Patton
> >
> > -----Original Message-----
> > From: Loki [mailto:loki at fatelabs.com]
> > Sent: Friday, November 16, 2001 12:50 PM
> > To: Christopher Gripp; vpn at securityfocus.com
> > Subject: Re: [vpn] VPN - encryption
> >
> >
> > Please accept this as constructive criticism rather than trying to start a
> > thread war over relative definitions of what a "vpn" is. But I do not
> > understand why someone would deploy a VPN without ensuring encryption of the
> > data.
> >
> > Also, Diffie-Hellman is actually defined as an algorithm: I quote Bruce
> > Schneier:
> >
> > "Diffie-Hellman is a fairly simple two-step key-exchange technique. Two
> > parties each generate a random value and apply the first step in the
> > Diffie-Hellman ___algorithm___. They exchange the results of these
> > calculations and apply the second step calculation. This results in each side
> > creating the same final value in a secure manner. The public values are g,
> > the generator, and n, a prime value. The final result created by both parties
> > is often referred to as Z. If you read the appendices in the WTLS specs you
> > will find two entries with a predefined g and n for the WTLS Diffie-Hellman
> > ___algorithm___ implementations."
> >
> > From "Applied Cryptography" by Bruce Schneier:
> >
> > The math is simple. First, Alice and Bob agree on a large prime, n and g,
> > such that g is primitive mod n. These two integers don't have to be secret;
> > Alice and Bob can agree to them over some insecure channel. They can even be
> > common among a group of users. It doesn't matter.
> >
> > Then, the protocol goes as follows:
> >
> > (1) Alice chooses a random large integer x and sends Bob
> >
> > X=(g**x) mod n
> >
> > (2) Bob chooses a random large integer y and sends Alice
> >
> > Y=(g**y) mod n
> >
> > (3) Alice computes
> >
> > Z=(Y**x) mod n
> >
> > (4) Bob computes
> >
> > Z'=(X**y) mod n
> >
> > On Friday 16 November 2001 03:36 pm, Christopher Gripp wrote:
> > > Just a minor correction so as not to misinform anyone.  Diffie-Hellman is
> > > NOT a hashing algorithm.  Diffie-Hellman is a key agreement algorithm
> > > used by two parties to agree on a shared secret.
> > >
> > > MD5 and SHA1 are the 2 most common in use today.
> > >
> > > As for the statement that 'encryption is what makes a VPN'  Well... I
> > > and others disagree but, you can have your opinion.
> > >
> > >
> > >
> > >
> > > Christopher Gripp
> > > Systems Engineer
> > > Axcelerant
> > >
> > > "Never tell people how to do things. Tell them what to do and they will
> > > surprise you with their ingenuity."
> > >
> > > -General George S. Patton
> > >
> > > -----Original Message-----
> > > From: Loki [mailto:loki at fatelabs.com]
> > > Sent: Friday, November 16, 2001 11:20 AM
> > > To: vpn at securityfocus.com
> > > Subject: Re: [vpn] VPN - encryption
> > >
> > >
> > >
> > > Ranj,
> > >
> > > Heh, uhm emphasis on "a bit about" ;) ... The two don't contradict each
> > > other, rather, encryption is what makes a Virtual Private Network. Based on
> > > the definition: "A Virtual Private Network extends a local area network to a
> > > remote location or traveling user through an encrypted tunnel. Utilizing
> > > different protocols like IKE, hashing algorithms such as Diffie-Hellman, and
> > > (3) Triple DES and/or single DES encryption, etc. you accomplish this
> > > task."
> > > So you can't exactly have a VPN without encryption :) I hope this helps to
> > > clarify VPNs for you. If not, there are several good whitepapers at
> > > (marketing plug here) www.fatelabs.com and vpnc.org :)
> > >
> > > Loki
> > > www.fatelabs.com
> > >
> > > On Friday 16 November 2001 12:22 pm, Ranjbar Hassan wrote:
> > > > Hi
> > > > I've read a bit about VPN on different sites. My question is:
> > > > What is the relation between VPN and encryption? Is it possible to
> > > > have VPN without encryption? Is encryption with VPN optional or a
> > > > must?
> > > >
> > > > Best regards,
> > > > Ranj
> > > >
> > > >
> > > > VPN is sponsored by SecurityFocus.com

-- 
==============================================
Loki
Founder, Chief Research Scientist
Fate Research Labs
United States VPN Division
----------------------------------------------------------------
[w] http://www.fatelabs.com
[e] loki at fatelabs.com
[p] 412-303-3115
==============================================
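
The four-step exchange quoted in the thread, as an added example that is not part of any poster's message: each side combines its own secret with the peer's public value to reach the same Z, and a hash (SHA-256 here) is a separate one-input step applied to Z afterwards. The parameters n=23, g=5 are toy values constructed for illustration and far too small for real use; the function names are hypothetical.

```python
import hashlib
import secrets

# Toy public parameters, constructed for this example (far too small for real use).
N = 23  # prime modulus n
G = 5   # generator g, primitive mod n

def dh_private(g=G, n=N):
    """Pick a random secret exponent in [2, n-2] whose public value is usable."""
    while True:
        x = 2 + secrets.randbelow(n - 3)
        if pow(g, x, n) != n - 1:  # skip the exponent that maps to the order-2 element
            return x

def dh_public(secret, g=G, n=N):
    """Step 1: X = g**x mod n, the value sent to the peer in the clear."""
    return pow(g, secret, n)

def dh_shared(peer_public, secret, n=N):
    """Step 2: Z = Y**x mod n, refusing degenerate peer values (0, 1, n-1, >= n)."""
    if not 1 < peer_public < n - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, secret, n)

def derive_key(z, n=N):
    """Hash step: SHA-256 over Z. One input, no exchange, no secret of its own."""
    size = (n.bit_length() + 7) // 8
    return hashlib.sha256(z.to_bytes(size, "big")).digest()

def exchange(x=None, y=None):
    """Run both sides; returns (X, Y, Alice's Z, Bob's Z')."""
    x = dh_private() if x is None else x
    y = dh_private() if y is None else y
    X, Y = dh_public(x), dh_public(y)  # only X and Y cross the insecure channel
    return X, Y, dh_shared(Y, x), dh_shared(X, y)

if __name__ == "__main__":
    X, Y, z_a, z_b = exchange()
    print("public:", X, Y, "shared equal:", z_a == z_b)
    print("session key:", derive_key(z_a).hex())
```
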
