FW: CISCO PIX Vulnerability
Wed, 17 Jun 1998 10:40:58 -0500
Adam Shostack's characterization of DES based products as "stupid" is
important to examine, since DES is a mandatory part of all IPSEC
implementations, and is currently the strongest product that some vendors
Blanket criticism of short key lengths may be a worthwhile exercise for
crypto theoreticians, but it's misplaced when looking at the "big picture"
of information security. Sites accept lots and lots of vulnerabilities that
are far riskier than even 40 bit encryption.
Let's face it -- lots of people HAVE defaced web sites, they HAVE sniffed
reusable passwords, insiders HAVE stolen plaintext lists of credit card
numbers, con artists HAVE tricked people out of their money on the
Internet. On the other hand, there are NO reports of a criminal or
competitor having ever mounted a brute force cracking attack on a
commercial enterprise and caused it real damage. The fact that custom
cracking machines *could* exist does not mean that there is an economic
justification to cause them to exist. References to Morris, Sr., simply
underline the difference between the NSA's attitude and the real world of
commercial security (another interesting philosophical topic).
Naturally people should use the longest crypto keys they can get, but it's
not the only technical feature deters attacks. If a product with shorter
keys protects just the right traffic and runs safely and reliably in other
ways, then it might be a better choice. Many companies are better with
their crufty old DES hardware and highly developed internal procedures than
they'd be with the latest 128 bit VPN equipment and unfamiliar
administrative procedures. Security systems WILL fail regardless of how
long the key is. Sites can only expend finite resources, and they have to
cover ALL the threats as best they can.