Firewall Wizards mailing list archives
Re: strong encryption for Europeans
From: Jyri Kaljundi <jk () stallion ee>
Date: Tue, 28 Oct 1997 14:30:14 +0200 (EET)
On Mon, 27 Oct 1997, Ekaterina N. Ivannikova wrote:
I would like to know which options are available to Europeans with regard to strong encryption VPNs. It appears that most of well known firewall vendors are US companies and their VPNs are subjects to US law export restrictions.
You are right, that any encryption product coming from US always uses weak encryption. This is a hard question and there are not many solutions. What we have used is Data Fellows F-Secure VPN, which is made in Finland by the same company that has done SSH, it actually does use SSH protocol internally (until IPSEC becomes available some day). It installs on a Pentium PC with 2 network cards, 16MB RAM and hard disk and since the software uses a Unix kernel, you do not need any OS running on the machine. It uses Blowfish and 3DES for encryption and RSA for authentication. Basically once you install the software, you don't touch it very much, it is robust and stable. I think you can achieve speeds of up to 2Mbps. For a list of companies that are otherwise active in the VPN arena, you could for example start from the IPSEC/ISAKMP companies page (http://www.sun.com/security/skip/) and see if there are any other non-US vendors with shipping products. And BTW, is anyone using the free Linux/*BSD* IPSEC parts for building VPN's? How reliable and stable are these?
Another question: how strong is Check Point's FWZ1 ? What is its key length ? Are there any estimates as to how breakable it is ? Our local FW-1 reseller could not enlighten me in the matter.
48 bits and the algorithm is proprietary. I would say it is less secure than a public 40 bit algorithm would be (since nobody knows how it actually works), and since 40 bit encryption should be considered easily breakable, it should not be used. So Check Point encryption products are nice to play with, but should be never be used in real life outside the US. There is a DES version available only in US and this is a question of taste, if 56-bit encryption can be still used or not, depends on the level of security you need. And yes, we are resellers for both Data Fellows and Check Point among others. Jyri Kaljundi jk () stallion ee AS Stallion Ltd http://www.stallion.ee/
Current thread:
- strong encryption for Europeans Ekaterina N. Ivannikova (Oct 27)
- Re: strong encryption for Europeans Jyri Kaljundi (Oct 30)
- Re: strong encryption for Europeans Magossa'nyi A'rpa'd (Oct 30)
- cost of frame relay snooping Jyri Kaljundi (Oct 30)
- Re: strong encryption for Europeans Martin W Freiss (Oct 30)