it really is time for you all to ponder on the simple fact that all human
creations are flawed in some way or other. In some cases we can see the flaws
in others they remain in darkness until they come to bite us at the least
A brief summary:
CIPE has a small code base and a record of stability.
CIPE employs a crypto design which is easy to understand and audit.
CIPE has know theoretical weaknesses with so far as we know of no exploits.
IPsec has a huge code base and depends on libraries written by different
than those who wrote IPsec.
IPsec has a complex crypto model that few are capable of analysing.
IPsec is believed to be secure. (i.e. no one has found the weakness yet).
Please bear in mind that none of the crypto behind either of these products
proven to be secure on a mathematical basis. Only one time pads are known to
As a user of one of the above you must decide where the greatest risks lie.
Do they lie in a successful attack on the cryptography used in CIPE?
Do they lie in the complex model or the huge code base of IPsec?
Correct me if I'm wrong but every successful attack on a crypto product
than genuine snake oil stuff) has been by exloiting progam bugs not by clever
You pay your money (OK - so it's free) and take your choice.
Until someone can detail to me a real weakness in CIPE that is capable of
being exploited I prefer this "rather old" workhorse.
My money says there will be a program bug breakdown of one or other IPsec
implementation before there is a similar failure in CIPE.
Have a fine weekend everyone