lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: alexandre.dulaunoy at ael.be (Alexandre Dulaunoy)
Subject: My response to both the analysis of CIPE by
 Gutmann, Slashdot and the response by the CIPE list

On Thu, 25 Sep 2003, Florian Weimer wrote:

> On Thu, Sep 25, 2003 at 03:43:06AM +0200, Jake Appelbaum wrote:
> 
> > After reading Gutmann's short but to the point email a few points that
> > he made seemed obvious. Some of the flaws were not so obvious. CIPE
> > seemed to have some very simple flaws and some of the fixes were easy to
> > implement.
> 
> The CRC flaw is not easy to correct.
> 
> > I found a some of it delivered in such a manner that would upset people
> > who were highly vested in the projects he was criticizing. Perhaps it was
> > the comment that I also found to be so amusing, something to do with
> > sound waves. Amusing as it may be, it's still quite harsh.
> 
> Especially as some of the flaws (the replay attacks) are actually
> documented in the manual.
> 
> > I then read through the posts on Slashdot that declared CIPE to be
> > dead. I found these to be really immature and silly considering the
> > nature of F/OSS.
> 
> Maybe it's not dead, but I'd rather not use security software which is
> unmaintained.  (Several people tried to reach Olaf and failed.)

FYI 

Around the same subject and about the Peter's paper :

http://openvpn.sourceforge.net/

and a reply from Peter and the author about OpenVPN :

http://sourceforge.net/mailarchive/forum.php?thread_id=3177601&forum_id=8453
http://sourceforge.net/mailarchive/message.php?msg_id=6123958

OpenVPN is free software and there is a port for WIN32 too... 


-- 
-- 	  	     Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- 	   http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD
-- 	   "Knowledge can create problems, it is not through ignorance
-- 				  that we can solve them" Isaac Asimov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ