December 30th, 2005, 06:39 PM
VPN DES encryption question
I have a VPN between two SonicWALLs. I use it mainly to send a large amount of .tif images between the two networks. Initially I set the encryption to 3DES, because the images contain confidential information. This made the transfer of the images very slow. When I changed it to DES it sped up the tranmittion significantly.
I am still pretty new at the security stuff, so here's my questions: Is DES 'secure enough'? Should the TYPE of files being sent over a VPN determine the strength of the security used? In other words, should the fact that I send images primarily over the VPN instead of text or other files change what level of encryption I use?
From what I know, DES selects a key from about 72 quadrillion possibilities, using the public-private key encryption, so I don't know if it even matters what I'm encrypting, DES picks a random key for any type of file... but I'm not sure about this.
Thanks ahead of time,
December 30th, 2005, 07:26 PM
With security there is always a balance that needs to be maintained. In this case the balance would be how sensitive is the data you are sending vs how much resources you need to consume to secure it.
To clarify further: Do you care if anybody was able to capture one of your TIFF's? Do you need to protect them because of some regulatory requirment (HIPAA, Sorbains Oxly, etc.).
And balance that against the resources it takes to secure them: Encryption speed(Software or hardware encryption) to speed up encryption. Does it need to get there in a certain timeframe? Is it transparent to the user?
I know this does not directly answer your question but I hope it helps define your needs which should then make it easier to define your own answer.
Work... Some days it's just not worth chewing through the restraints...
December 30th, 2005, 08:16 PM
1. Is DES 'secure enough'?
Well, that depends. Its probably secure against individuals, but anyone with access to a large computer lab or part of a distributed network would be able to crack it fairly quickly (a week - few months). So, that depends on how bad someone wants it, whether its time sensitive (ie. does the information lose its value in less time than it would take to crack the encryption) and what the attackers resources are.
2. should the fact that I send images primarily over the VPN instead of text or other files change what level of encryption I use?
A known-plaintext attack would be faster than a bruteforce search, but this would require the attacker to have access to an plaintext-ciphertext pair. I imagine that if the attacker knows what the file type is he could probably use any file type headers as known-plaintext.
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier