Re: [Nagios-devel] Submiting patch for nrpe
Posted: Thu Jan 22, 2004 8:00 am
> Double-encrypting isn't really an extra-layer; there are some theoretical
> attacks that suggest that double encryption can be harmful. No idea if it is
> in the this particular case; however, just using OpenSSL or GnuTLS to do both
> client/server authentication, and data encryption is the easiest solution.
Yep I got this wrong
I forgot about the meet in the middle attack.
using the same cipher it seems triple encryption using 2 keys offers a
gain, but double encryption dosnt.
I dont know how this applies to using 2 different ciphers (and only 1
key)and whether the meet in the middle attack can be applied.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> attacks that suggest that double encryption can be harmful. No idea if it is
> in the this particular case; however, just using OpenSSL or GnuTLS to do both
> client/server authentication, and data encryption is the easiest solution.
Yep I got this wrong
I forgot about the meet in the middle attack.using the same cipher it seems triple encryption using 2 keys offers a
gain, but double encryption dosnt.
I dont know how this applies to using 2 different ciphers (and only 1
key)and whether the meet in the middle attack can be applied.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]