[plug] Encyption algorithms

[Christian]

Beau Kuiper wrote:
> Well, DES is as good as useless unfortunately. There probably are better
> choices. You are probably right about CAST-128 not being as well cryptanalysed
> as other algorithms. But I think I will stick with CAST-128 since it is well
> described, there are no weak keys, it is fast, has 128-bit protection, and it
> hasn't got any patent problems. If any major problems are found with CAST-128
> in the future, then it would be pretty simple to replace it with blowfish or
> triple DES.

Why is DES "as good as useless"?  I would still say 3DES would be your
best choice.  As for replacing it in the future, I'm not sure that would
be quite as easy as you imagine -- consider the difficulty should this
program of yours become widely used.

> > Of course, it really depends on the purpose you need the encryption
> > for...
> 
> It is intended to encrypt both control and data connections on an ftp
> communication link.

You can use scp for effectively this already - but you probably know
this.

> You should have a read of RFC 2228, It describes security extensions for the
> FTP protocol. Of course, I will have to modify a client to actually use these
> security extensions too.

Actually, I shouldn't read it at all because I'm not implementing an FTP
client/server.  Since you are, however, I'm glad you have. :)  I don't
know whether this is a serious exercise or just hacking around for the
fun of it but the Free software world is very much in need of a
fully-featured FTP server right now due to all the security flaws that
have been found in WU-FTPD and ProFTPd.  It would be great for a new
ftpd to appear that supported all the features that ProFTPd does...
*hint*

Regards,

Christian.

-- 
If you can't beat your computer at chess, try kickboxing.