Re: Blowfish encryption

[Christopher Fowler <cfowler@outpostsentinel.com>]

Some of these tin-hat people I tell them to simply buy encrypted modems
that do the encryption between the.  Are there anyone out there selling
good ones anymore?

Th issue is that there are two boxes connected via a modem and using PPP
for IP traffic.  The customer wants to be sure all traffic across that
phone line is encrypted.  Since they use so many network product some
old those protocol may be plain-text.  By having ppp encrypt what it
sends that would cover any data that travels across.


On Thu, 2005-03-10 at 13:17, James Carlson wrote:
> Christopher Fowler writes:
> > The only problem with ssh is that it is one protocol.  There are many
> > protocols that travel across the ppp link.  Some fo them not encryted
> > and can not be encrypted.
> > 
> > I stopped using telnet a long time ago.  Also with these devices there
> > are protocols that are routed across that link we have no control over
> > so doing encryption inside of ppp would cover all the bases.
> 
> As I mentioned, if it's really a PPP issue (not clear that it is, as
> the threat model isn't clear), then ECP is likely to be the right
> answer.
> 
> If it's an IP issue (are you worried about non-IP protocols?), then
> I'd certainly recommend the use of IPsec.  It defends against things
> that ssh (and, for that matter, SSL/TLS) cannot, works whether or not
> you use PPP, works on an end-to-end basis, and doesn't require
> changing everyone's implementations.