[Openswan Users] Openswan Linux Client to SonicWall Windows
Francesco Peeters
Francesco at FamPeeters.com
Wed Sep 27 13:12:18 EDT 2006
On Wed, September 27, 2006 16:51, Paul Wouters wrote:
> On Wed, 27 Sep 2006, Bas Driessen wrote:
>
>> Going through the lists, I found out that DES is not supported by
>> default in OpenSwan, so I have re-compiled the package by setting the
>> USE_WEAKSTUFF?=true flag in the Makefile.inc and also corrected the line
>> to WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES in the Makefile of Pluto.
>> All compiles OK. I know that 3DES is better etc, but this is out of my
>> control. I have to get it to work with the current setup.
>
> You might also need to set USE_BROKEN=yes
>
> 3DES is not "better". 1DES is trivially brute forced. You have no VPN. You
> better make sure your boss knows that, and gets it in writing, so that
> you can blame management for this unwise decision.
>
Add to that the fact that SNWL ASICS can decrypt 3DES at the same rate as
DES, and there is very little reason not to use it...
--
Francesco Peeters
----
GPG Key = AA69 E7C6 1D8A F148 160C D5C4 9943 6E38 D5E3 7704
If your program doesn't recognize my signature, please visit
http://www.CAcert.org/index.php?id=3 to retrieve the Root CA certificate.
More information about the Users
mailing list