"Eric M. Hopper" <hopper,AT,omnifarious,DOT,org>|
RE: CRC32 - thoughts on Gutmann response|
Renato Salles <rsalles,AT,rsnetservices,DOT,com,DOT,br>|
Fri, 26 Sep 2003 11:02:32 -0300 (BRT)|
On Fri, 26 Sep 2003, Eric M. Hopper wrote:
> On Fri, 2003-09-26 at 00:47, Joseph Jamieson wrote:
> > To more people then you would think, security just isn't a major factor.
> > Cipe is very easy to install and run, it's solid as a rock, and it
> > includes some good encryption. Not to mention it's nice and fast.
Well, IMHO "some good encryption" is not enough. Very good encryption and
near impossible to be "cracked" is enough. If CIPE would only be
implemented in my own servers, the dammage that a security break would
have as result could be restrict to my assets. But this is no more the
case: In fact (infect?), as a small Linux firm as we are, our custommers
trust us: they beleive we know what we're doing when deploing a VPN
solution to them. A security break could have deep legal and financial
concerns to us, and one could ask me: why do you keep using it after
knowing that, even if in very speciall circunstances the privacy and
the content's integrity could be compromised? Well, three days ago, i
could say that nobody never discovered a security breach in CIPE, but this
is no more the case.
I'll continue to follow the developement list closely, giving a hand to
the newbees when it's possible, but my intention is to stop imediately to
deploy CIPE to new clients until all this concers become more clearly
adressed and the main developpers of CIPE decide themselves where are we
I'm not sure if a did read somewhere or did just imagine it, but is
OpenVPN a CIPE fork? Maybe it's time to "merge" or something? Is this
"possible"? I'm not sure but would like to listen to the oppinions coming
from the maillist because i consider CIPE as a protocol and OpenVPN only
a software using networking facilities already well known as well the
cryptographic resources like TLS.
I would suggest that the CIPE devel team contacts each other to build a
permanent staff to develop security fixes to the CIPE protocol and PKCIP
if this is the case. Myself, maybe i can try to "hire" people at the
security community even not being known there at all - with few chances of
success but still wanting to help.
There is no reason to screem "wolf, wolf" to the lambs - this is a
literal traduction from pt_BR, maybe not well understood by others - but
something MUST be donne, and the soon we begin, faster we leave this
unconfortable situation where Mr. P.G. brought us to.
My best regards the list subscribers,
> > It's not the perfect security model, but for a good many people, it Just
> > Works.
> > At my company, we have set up cipe between many small offices quite
> > successfully. They do e-mail and other such things over it, usually
> > with low end DSL lines and cable modems. Heavy duty unbreakable
> > security just isn't too important; if someone is going to spend enough
> > time to crack the session and read the data, they'd see a whole lot of
> > nothing.
> Good security isn't just for you, it's for everybody you share the
> Internet with. Once a tool can be shown to have weaknesses that can be
> fixed, they should be fixed, no excuses, no "it's good enough for my
> purpose", none of that. That way leads one day to an Internet that's
> completely unusable for the vast majority of people because of DDOS
> attacks and whatever else.
> I'm not saying that if CIPE isn't fixed right now that it's a total
> disaster. I'm just saying that this kind of argument against fixing
> something isn't at all valid, and not worth paying attention to.
> > If someone could come up with a VPN that was as firewall friendly, fast,
> > and as easy to set up as cipe, but with all the latest and greatest
> > security measures, great! If not, I'll still use it, at least until all
> > the theory is proven and someone actually cracks cipe.
> This, I sort of agree with. What should happen is that CIPE should be
> fixed. It's possible that OpenVPN and CIPE should be merged. IMHO,
> IPSEC should be completely abandon because it's too complex to implement
> securely or even interoperably.
> The utter simplicity (comparitively anyway) of configuring CIPE means it
> should stay around. Complexity is the enemy of security. The minor
> modifications that would make it more secure aren't very difficult to
> implement, and don't add significantly to the complexity of the protocol
> or the complexity of the implementation. Unfortunately, they do mean
> that a new, incompatible protocol needs to be created.
> > Nobody said cipe was a replacement for SSL/SSH. What an ignorant
> > bastard.
> Simply because his tone was snotty, snide and incendiary doesn't mean
> the points aren't valid. It is clear that he didn't study CIPE as
> carefully as he could've, but he wasn't being payed for a security
> audit, was he? When one gets things for free, like the attention of
> someone who mostly knows what they're talking about, it's good to try to
> pull out the useful things and ignore the not so useful things. That's
> the lubricant that greases the Open Source world.
> Have fun (if at all possible),
> There's an excellent C/C++/Python/Unix/Linux programmer with a wide
> range of other experience and system admin skills who needs work.
> Namely, me. http://www.omnifarious.org/~hopper/resume.html
> -- Eric Hopper <hopper,AT,omnifarious,DOT,org>