512 bit DH keys strike me as too short for key exchange, and 512 bit
RSA keys will be within range of attack in a few years.
I don't understand why an Israeli company doesn't ship with strong
cryptography. The inclusion of strong cryptography would be a large
selling point for Firewall-1 for international companies.
I'd suggest 1024 bit DH, and 2048 bit RSA, covering the use of ARC4,
Blowfish, IDEA, or 3des as the bulk cipher. IDEA is patented, and so
would take licensing.
Adam
Nassim Chaabouni wrote:
| >Are there any firewalls, that would allow building secure virtual private
| >networks (VPN) and be available in Europe?
| >
| >Most of the firewalls are made or shipped from USA, which means the
| >encryption they use is weak and easily breakable. No encryption software
| >that is actually strong is allowed to be exported from US, that's a fact.
| >And I don't believe this will change in the nearest years.
| >
| >Especially bad this is with Firewall-1, which uses a proprietary algorithm
| >FWZ1, which they do not want to give any details on. And as the key size
| >is 48 bits, I don't believe it is not secure enough for places where you
| >want to be really certain what you are doing. Although Firewall-1 VPN
| >solution is otherwise very nice product, this weak encryption makes it
| >unusable. This applies to all the other firewall products also, that come
| >from US. So are there some non-US tunneling products that we could use?
| >Juri Kaljundi
|
|
| The key length of the encryption algorithm used in FWZ1 is 48 bits
|
| I can see drawbacks of proprietary encryption algorithms espacially
| not published ones but:
|
| IHMO the key length is not the only way to assess the
| security of a transaction. Let me give you two arguments:
|
| 1- Using a 64 bits DES key is certainly more difficult to attack than a
| 40 bits
| DES key, but it is safer to use a 40 bits key changing in each transaction
| than using a 64 bits key that does not change, because you give more
| time to the hacker to attack the algorithm.
| So this means that to be efficient, the key need to be constantly changing
|
|
| 2- However, in all Private key encryption algorithms both sender and receive=
| r
| need to agree on the same key before any encryption (the same key will
| be used to encrypt and decrypt), So no matter how long the key is, if the
| hacker succeed to get the key, he can decrypt all the traffic. (Obvious,
| isn't it)
| =3D=3D> we need another secure way to convey the key to the recepient.
|
| So, the "challenge" would be to change the key constantly and
| transmit it "securely".
|
| with Firewall-1, It is true that FWZ1 with
| 48 bit key (or DES 56) might not be the best algorithms ,
| but the key is constantly
| changing ( actually each session has its own key generated by the
| Diffie Hellman (D-H) Key management alghorithm and each packet key
| is a combination of the session key and the packet header =3D> So each
| packet uses a different key making it very difficult to attack).
|
| Again both ends agree on the encryption key with the Diffie Hellman
| public algorithm used for key management (512 bits key length).
| the pair (g, p) of D-H is, public, common to the sender and receiver,
| the D-H alghorithm is used to generate the session keys.
|
| Now to secure the third party attack on D-H, Firewall-1 uses
| RSA 512 to produce digital signatures (management station or
| external party acting as a certificate authority).
|
| Regards
--
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."
Vote Harry Browne for President. http://www.harrybrowne96.org
References:
|
|
