Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw Found in VPN Crypto Security

Posted by Zonk on from the dire-straights dept.

peeon writes "CNET reports the British National Infrastructure Security Coordination Centre has discovered a flaw in IPSEC protocol. From the article: 'The flaw, which the NISCC rates as "high" risk, makes it possible for an attacker to intercept IP packets traveling between two IPsec devices. They could then modify the encapsulation security payload--a subprotocol that encrypts the data being transported.'"

6 of 106 comments (clear)

  1. VPN by OverflowingBitBucket · · Score: 4, Funny

    Well, I guess it stands for Virtual Public Network now. ;)

  2. Sweet Friday the 13th! by Mad_Rain · · Score: 3, Funny

    So let's see, first there was the Intel Hyperthreading Vulnerability, then there was a patch to an Apple security flaw and now this....

    So who came out a winner betting on this trifecta? ;)

    --
    "What do you think?" "I think 'What, do you think?!'"
  3. Re:Grrr... by Anonymous Coward · · Score: 1, Funny

    Better throw in some Double ROT-13 encryption as well. Just to be sure ;)

  4. Slashdot provides critical security advisory! by ramam · · Score: 5, Funny

    If you hand your credit card to the first person who walks past you when you're done eating, it may not be your waiter!

  5. Re:Yea. by Tack · · Score: 4, Funny
    You would have been safer if you used Double ROT-13 encryption instead.

    That's fine if you don't care about the security of your data. Current cryptanalysis indicates that at a minimum you want 16 rounds of ROT-13. And since I'm rather paranoid, as a rule I tend to double the recommendations of cryptographic primitives, so I use 32 rounds of ROT-13. With current CPUs as fast as they are, there's very little reason to use less than 16 rounds. And 2 rounds is just insanity.

    I dare you to crack my data.

    Jason.

  6. Re:Yea. by owlstead · · Score: 1, Funny

    You would have been safer if you used Double ROT-13 encryption instead.

    That's fine if you don't care about the security of your data. Current cryptanalysis indicates that at a minimum you want 16 rounds of ROT-13. And since I'm rather paranoid, as a rule I tend to double the recommendations of cryptographic primitives, so I use 32 rounds of ROT-13. With current CPUs as fast as they are, there's very little reason to use less than 16 rounds. And 2 rounds is just insanity.

    I dare you to crack my data.

    Jason.