Dear Thaths,
You said >>>>>
The security (integrity of a system against crackage. i.e. software
security) that we discussed is not, IMO, the same as the security
(encryption etc. i.e. data security) .
>>Whether you talk of security in the network(protecting your servers) or
software or protocols, You use the same old paddlocks to lock em. i.e the
same ol algorithms are used , the only diference being the strength of
security used.The point is are you sure, you have the best posssible means??
You're right ,
The US Govt. _used_ to treat high grade
encryption software an munitions. They realized the folly of their policy
and have eased restrictions on encruption export.
But ,restrictions were raised on 128bit key encryption. That might make you
wonder, if NSA
finds it easy meat already can the hacks be far behind.
Versions of PGP using the RSA / IDEA algorithm have
been available in international mirror sites for a while now. The legality
of using them, however, is not completely clear ? I'have one in my box at
home and it's not illegal.
Phil Zimmerman the author of PGP got into some tiff with the NSA, over
exporting encryption , but
he never sold any ,he gave it away for free,so they had to let em go , but
not before making changes in the algorithm and reducing the strength of the
keys.
1)Does that reassure you in any way ,about the strength of the package ?
2) Do you think it is safe to use something like that in VPN implementing
software ?
Bye
Kaushik Sen
Equitel Franchise Pvt Ltd.
<sbsen2cal2.vsnl.net.in>
<[EMAIL PROTECTED]>
-----------------------------------------------------------------------
For information on this and other Linux India mailing lists check out
http://lists.linux-india.org/
