Alternative encryption algorithms
Tom Lancaster

In the world of VPNs, the de facto standard for encryption is DES and its big brother 3DES. These algorithms are ubiquitous and easy to use, but they have a couple of downsides: DES is weak, and 3DES is expensive and slow.

The DES algorithm uses a 56-bit key, which can be recovered by brute force in a surprisingly short period of time; cheap processing power has come a long way in the past few years. 3DES triples the nominal key length by running DES three times per block, although meet-in-the-middle attacks cap its effective strength at about 112 bits. That triple pass also costs roughly three times the CPU of single DES, and many vendors charge a substantial fee for its use.
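The reason 3DES applies DES three times rather than twice, and the reason its effective strength is quoted as 112 rather than 168 bits, is the meet-in-the-middle attack on double encryption: an attacker who knows a few plaintext/ciphertext pairs can recover both keys with about twice the work of breaking a single key, not the square of it. The following Python is an added illustration and is not part of the original tip. The 16-bit Feistel cipher in it is a toy constructed only so the search finishes in seconds (it borrows one DES S-box row and nothing else), and the hidden keys and plaintexts are made-up demo values.

```python
"""Meet-in-the-middle against double encryption with a toy 16-bit cipher.

Added illustration (not from the original tip). The cipher below is a
deliberately tiny 4-round Feistel network with 16-bit blocks and 16-bit
keys, constructed here only so the attack finishes quickly; it is not DES.
The attack is the generic one that caps two-key double encryption at about
2^(k+1) cipher calls instead of the 2^(2k) an exhaustive search would need.
"""

# Row 0 of DES S-box S1, reused here as a 4-bit substitution table.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def _round_keys(key):
    """Toy schedule: four 8-bit round keys built from the four key nibbles."""
    nib = [(key >> (4 * i)) & 0xF for i in range(4)]
    return [nib[i] | (nib[(i + 1) % 4] << 4) for i in range(4)]


def _f(r, k):
    """Round function: XOR in the round key, then substitute both nibbles."""
    x = (r ^ k) & 0xFF
    return (SBOX[x >> 4] << 4) | SBOX[x & 0xF]


def toy_encrypt(block, key):
    """Encrypt one 16-bit block under one 16-bit key."""
    l, r = block >> 8, block & 0xFF
    for k in _round_keys(key):
        l, r = r, l ^ _f(r, k)
    return (l << 8) | r


def toy_decrypt(block, key):
    """Inverse of toy_encrypt: the same rounds applied in reverse order."""
    l, r = block >> 8, block & 0xFF
    for k in reversed(_round_keys(key)):
        l, r = r ^ _f(l, k), l
    return (l << 8) | r


def double_encrypt(block, k1, k2):
    """E_k2(E_k1(P)): the 'double DES' construction."""
    return toy_encrypt(toy_encrypt(block, k1), k2)


def mitm_double(pairs):
    """Recover candidate (k1, k2) pairs from known plaintext/ciphertext pairs.

    Step 1: encrypt the first plaintext under every k1 and index by result.
    Step 2: decrypt the first ciphertext under every k2 and look the value up.
    Each hit is a candidate pair; the remaining pairs weed out false matches.
    Cost: 2 * 2^16 cipher calls plus 2^16 table entries, versus 2^32 calls
    for an exhaustive search over both 16-bit keys at once.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(1 << 16):
        middle.setdefault(toy_encrypt(p0, k1), []).append(k1)
    found = []
    for k2 in range(1 << 16):
        for k1 in middle.get(toy_decrypt(c0, k2), ()):
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found


# Constructed demo data: a hidden key pair and three known plaintexts.
HIDDEN_K1, HIDDEN_K2 = 0x3A7C, 0xC401
PLAINTEXTS = [0x1234, 0xBEEF, 0x0F0F]
KNOWN_PAIRS = [(p, double_encrypt(p, HIDDEN_K1, HIDDEN_K2)) for p in PLAINTEXTS]

if __name__ == "__main__":
    for k1, k2 in mitm_double(KNOWN_PAIRS):
        print(f"recovered k1=0x{k1:04X} k2=0x{k2:04X}")
```

Scale the same idea up to DES and two 56-bit keys fall to roughly 2^57 DES operations and 2^56 table entries, which is why "double DES" was never adopted and why 3DES, with its third pass, is rated at 112 bits even when three independent keys are used.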

You might be surprised to learn that there are many other algorithms available. One example is Blowfish, designed by Bruce Schneier. Blowfish is also a 64-bit block cipher, but it takes a variable-length key of anywhere from 32 to 448 bits, far more than 3DES offers. (Because its block size is the same 64 bits as DES, the same limits on how much data you should encrypt under one key still apply; the gain is in key strength, not block size.)

Equally important is the fact that it is unpatented and freely available to the public. In fact, Bruce's website, at www.counterpane.com, lists over 150 products that use this algorithm, many of which are open source and free. One such example is a product called Tunnel Vision VPN, a Linux-based product available at http://open.nit.ca/tunnelv/. Another is vpnd, available at http://sunsite.dk/vpnd/. For small organizations, one of these two products will likely meet your needs.

One other advantage of these products is that both were built outside the United States. This is no coincidence: US export controls on cryptographic key lengths, although relaxed in the past few years, long forced US vendors to ship weakened "export-grade" versions of their products. What this means to you is that by using a foreign product, your company can still maintain strong key lengths on international tunnels. (Of course, these restrictions may change at any time, and other countries may have similar laws, so get a qualified legal opinion if you have any doubts.)

Thomas Alexander Lancaster IV is a consultant and author with over ten years of experience in the networking industry, focused on Internet infrastructure.


This was first published in April 2002
