| To: | cipe-l,AT,inka,DOT,de |
| Subject: | Re: About P.Gutmann's critique of CIPE - etc. etc. |
| From: | Allan Latham <alatham,AT,flexsys-group,DOT,com> |
| Date: | Fri, 26 Sep 2003 15:51:35 +0200 |
| In-reply-to: | <1064581151.426.114.camel@eris> |
| References: | <003901c38425$3fcf1c20$d620a8c0@pcw_hans.hnsasd.priv> <1064581151.426.114.camel@eris> |
Hi all it really is time for you all to ponder on the simple fact that all human creations are flawed in some way or other. In some cases we can see the flaws in others they remain in darkness until they come to bite us at the least appropriate time. A brief summary: CIPE has a small code base and a record of stability. CIPE employs a crypto design which is easy to understand and audit. CIPE has know theoretical weaknesses with so far as we know of no exploits. IPsec has a huge code base and depends on libraries written by different teams than those who wrote IPsec. IPsec has a complex crypto model that few are capable of analysing. IPsec is believed to be secure. (i.e. no one has found the weakness yet). Please bear in mind that none of the crypto behind either of these products is proven to be secure on a mathematical basis. Only one time pads are known to be secure. As a user of one of the above you must decide where the greatest risks lie. Do they lie in a successful attack on the cryptography used in CIPE? Do they lie in the complex model or the huge code base of IPsec? Correct me if I'm wrong but every successful attack on a crypto product (other than genuine snake oil stuff) has been by exloiting progam bugs not by clever cryptanalysis. You pay your money (OK - so it's free) and take your choice. Until someone can detail to me a real weakness in CIPE that is capable of being exploited I prefer this "rather old" workhorse. My money says there will be a program bug breakdown of one or other IPsec implementation before there is a similar failure in CIPE. Have a fine weekend everyone Allan