Recent ALSA releases - not sure how recent, I'm using 1.0.13 - enable software mixing by default. This is fantastic, because it means an infinite number of properly written applications can record and play at the same time.
Wednesday, June 13, 2007
Monday, June 4, 2007
Fun with defaults
Last week a coworker called me in for some help with an IPsec tunnel to Jamaica. Our side is Openswan, theirs is Checkpoint.
The tunnels were coming up as far as Openswan was concerned, but Checkpoint was rejecting the traffic. Fortunately the guys in Jamaica knew their stuff better than me and were able to point us in the right direction: Checkpoint was configured to use 3DES-MD5, but Openswan had brought up a tunnel with 3DES-SHA1. We told Openswan to use 3DES-MD5 on this tunnel, and the problem went away.
This raises a few points.
In software, AES-256 is at least three times as fast as 3DES. (Run "
So 3DES is getting old, but it's still awfully hard to break. Not MD5. MD5 is just dangerous. It's trubs. Even SHA1 is starting to look scared.
I think it's pretty silly that IPsec implementations are still defaulting to 3DES and MD5.
The tunnels were coming up as far as Openswan was concerned, but Checkpoint was rejecting the traffic. Fortunately the guys in Jamaica knew their stuff better than me and were able to point us in the right direction: Checkpoint was configured to use 3DES-MD5, but Openswan had brought up a tunnel with 3DES-SHA1. We told Openswan to use 3DES-MD5 on this tunnel, and the problem went away.
This raises a few points.
- How did two IKE-compliant products manage to negotiate incompatible tunnels? Well, whatever. Stuff happens.
- Checkpoint's logging must be pretty good. It told the operators exactly what we needed to know: Openswan was using an unexpected hash method.
- Most importantly, it's 2007 and there are still people using 3DES and MD5 for tunnels.
In software, AES-256 is at least three times as fast as 3DES. (Run "
openssl speed des-ede3 aes-256-cbc".) The effective key length of 3DES is 112 bits, so AES-256 is three times as fast and one billionty times harder to break. Not much of a tradeoff there. If your security gateway is doing 3DES in hardware and is too old to handle AES in hardware, you might as well switch to software -- if you had enough traffic to justify hardware encryption, you'd probably have enough money to buy new hardware.So 3DES is getting old, but it's still awfully hard to break. Not MD5. MD5 is just dangerous. It's trubs. Even SHA1 is starting to look scared.
I think it's pretty silly that IPsec implementations are still defaulting to 3DES and MD5.
Saturday, June 2, 2007
Goog!
I found out about Google's "My Maps" from a blog linked from lolcode. You can overlay maps with placeholders and shapes, and as far as I can tell it even remembers the way you have the map positioned when you send a link around. We were testing some 400 MHz radio modems the other day so I gave it a try. All it's missing is a way to measure line-of-sight distance without using a ruler.
Subscribe to:
Posts (Atom)
