Firewall Wizards mailing list archives

Re: strong encryption for Europeans


From: Jyri Kaljundi <jk () stallion ee>
Date: Tue, 28 Oct 1997 14:30:14 +0200 (EET)

On Mon, 27 Oct 1997, Ekaterina N. Ivannikova wrote:

> I would like to know which options are available to Europeans with regard
> to strong encryption VPNs. It appears that most of the well-known firewall
> vendors are US companies and their VPNs are subject to US law export
> restrictions.

You are right that any encryption product coming from the US always uses weak
encryption. This is a hard question and there are not many solutions.
What we have used is Data Fellows F-Secure VPN, which is made in Finland
by the same company that has done SSH; it actually does use the SSH protocol
internally (until IPSEC becomes available some day). It installs on a
Pentium PC with 2 network cards, 16 MB RAM and a hard disk, and since the
software uses a Unix kernel, you do not need any OS running on the
machine. It uses Blowfish and 3DES for encryption and RSA for
authentication. Basically, once you install the software, you don't touch
it very much; it is robust and stable. I think you can achieve speeds of
up to 2 Mbps.

For a list of companies that are otherwise active in the VPN arena, you
could for example start from the IPSEC/ISAKMP companies page
(http://www.sun.com/security/skip/) and see if there are any other non-US
vendors with shipping products. 

And BTW, is anyone using the free Linux/*BSD* IPSEC parts for building
VPNs? How reliable and stable are these?

> Another question: how strong is Check Point's FWZ1? What is its key
> length? Are there any estimates as to how breakable it is? Our local FW-1
> reseller could not enlighten me in the matter.

48 bits and the algorithm is proprietary. I would say it is less secure
than a public 40 bit algorithm would be (since nobody knows how it
actually works), and since 40 bit encryption should be considered easily
breakable, it should not be used. So Check Point encryption products are
nice to play with, but should never be used in real life outside the
US. There is a DES version available only in the US, and it is a question of
taste whether 56-bit encryption can still be used or not; it depends on the
level of security you need.

And yes, we are resellers for both Data Fellows and Check Point among
others.

Jyri Kaljundi
jk () stallion ee
AS Stallion Ltd
http://www.stallion.ee/


