Date: Mon, 25 Sep 2000 12:44:47 -0400
From: "Brian F. Feldman" <green@FreeBSD.org>
To: Scot Elliott <scot@london.sparza.com>
Cc: "Brian F. Feldman" <green@FreeBSD.org>, CrazZzy Slash <slash@krsu.edu.kg>, Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.org, Peter Pentchev <roam@orbitel.bg>
Subject: Re: Encryption over IP
Message-ID: <200009251644.e8PGim554314@green.dyndns.org>
In-Reply-To: Message from Scot Elliott <scot@london.sparza.com> of "Mon, 25 Sep 2000 16:44:53 BST." <Pine.GSO.4.21.0009251642550.7013-100000@hagop.london.sparza.com>

> I'm not sure that's the point.
>
> If you're using SSH to tunnel between two networks, across the public
> Internet then there is a chance of your encrypted datastream being
> intercepted and analysed. If there's a large amount of data then the
> chance of the key being found and therefore your unencrypted data exposed
> - is much higher.

You still have to know at least some chunks of the plaintext to do that. You simply _cannot_ brute force any moderately decent algorithm with reasonable key length. For example, Blowfish (commonly) uses a 160 bit key. To do 2^160 operations of anything in a reasonable amount of time would be astounding, much less 2^160 different Blowfish encryptions (note that it takes about 26 operations to encrypt one byte of data; that does not take into account the very low key agility which is much more significant for being able to brute-force it).

There aren't any chosen-plaintext or known-plaintext attacks against it; if there were, you would still have to push that much data through the tunnel; even chosen-plaintext attacks against a non-trivial algorithm require a huge amount of data to be encrypted.

In other words, don't worry about it.

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message