Alternative encryption algorithms
In the world of VPNs, the de facto standard for encryption is DES and its big brother 3DES. These algorithms are ubiquitous and easy to use, but they have a couple downsides. DES is weak and 3DES is expensive and slow.
The DES algorithm uses a 56-bit key that can be compromised with a brute-force attack in a surprisingly short period of time. Cheap processing power has come a long way in the past few years. Although 3DES dramatically increases the key length, many vendors charge a substantial fee for its use.
You might be surprised to learn that there are many other algorithms available. One such example is Blowfish, which was written by Bruce Schneier. The Blowfish algorithm is also a block cipher with a variable key length, but its key length tops out at 448 bits, which is truly a lot.
Equally important is the fact that it is freely available to the public. In fact, Bruce's website, at
One other advantage to these products is that they are both built outside the United States. This is no coincidence, as the US has practically outlawed security by imposing absurd export restrictions on the key-lengths although they have been relaxed slightly in the recent past. What this means to you is that by using a foreign product, your company can still maintain strong key-lengths on international tunnels. (Of course, these restrictions may change at any time and other countries may have similar laws, so be sure to get a qualified legal opinion if you have any doubts.)
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.
This was first published in April 2002