[plug] Encyption algorithms

[Christian]

Beau Kuiper wrote:
> > Why is DES "as good as useless"?  I would still say 3DES would be your
> > best choice.  As for replacing it in the future, I'm not sure that would
> > be quite as easy as you imagine -- consider the difficulty should this
> > program of yours become widely used.
> 
> I should have said single DES. Triple DES is still very usable. Also CAST-128
> has been scrutinized for over 10 years, but I could probably implement both :)

Yeah, but I never suggested single DES. :)  CAST-128 is probably ok --
I've just not heard that much about it so it seems a little strange to
choose that one over the others.  Ideally though you should implement
several ciphers (eg, DES, 3DES, Blowfish, CAST-128, Skipjack and
something weak like 40-bit RC4 -- although I'm not sure what the
latter's patent status is).  That way client and server could negotiate
their preferred cipher (I don't know what the standards say about this
but one would expect that they would make an allowance for it).  This
would make different implementations useful in different situations, for
example for people without "strong" crypto could use the weak RC4.  US
government people could use DES or Skipjack where appropriate etc.

> > You can use scp for effectively this already - but you probably know
> > this.
> 
> Ah, but it is always good to have more choice. FTP is generally easier to set
> up to.

Definitely -- I've heard of people playing with the idea of a secure
ftpd before but nothing serious so good luck with it all. :)

> http://www.arach.net.au/~wildfire/muddleftpd
> 
> Sorry about the shameless plug

Don't be -- sometimes I think this list is shameless PLUG. :-)

Regards,

Christian.

-- 
People shouldn't think that it's better to have loved and lost than
never loved at all.  It's not, it's better to have loved and won.
All the other options really suck.    --Dan Redican