Re: des instead of 3des

From: D. Cross [MS] (vaq130@hotmail.com)
Date: 06/03/02

Next message: - d e l m a n -: "Re: How can a user change his IP-ADR"
Previous message: RyanW: "Re: thenerds.net got hacked"
In reply to: Luschinsky Vyacheslav: "Re: des instead of 3des"
Next in thread: Luschinsky Vyacheslav: "Re: des instead of 3des"
Reply: Luschinsky Vyacheslav: "Re: des instead of 3des"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "D. Cross [MS]" <vaq130@hotmail.com>
Date: Mon, 3 Jun 2002 06:32:28 -0700

the certificates have nothing to do with DES/3DES. Symmetric algorithm
information is not contained within the x.509 certificate issued by the MSFT
CA.

I think you are referring to the VPN software itself - in that case 3DES is
only supported by Windows XP clients (has nothing to do with the CA you are
using). You can use 3DES with IPSEC in Windows XP, by turning it on through
group policy.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Luschinsky Vyacheslav" <slavon@slavon.ru> wrote in message
news:adfd27$srd$1@news.sovam.com...
> I don't need strong protection. I just need other then password protected
> entrance to local network. VPN with certificate auth will just do.
>
> "David Dickinson [MVP]" <eis@no-spam.softhome.net> wrote in message
> news:eV6x2ztCCHA.824@tkmsftngp05...
> > Luschinsky Vyacheslav wrote:
> > > I have w2k server sp2 and certificate services installed.
> > > certificates that are issued by it allow only 3des encription that is
> > > not supported by other side. Can I make server issue certs for des
> > > encription?
> >
> > Can you update the other side?  DES is not secure. It takes less than a
> day
> > to break it.
> >
> > --
> > David Dickinson, MVP (Security)
> > EveningStar Information Services
> > Las Cruces, NM USA
> >
> > Summary of Microsoft Security Bulletins
> > http://www.zianet.com/bwd/securitybulletins.asp
> >
> >
> >
>
>

Next message: - d e l m a n -: "Re: How can a user change his IP-ADR"
Previous message: RyanW: "Re: thenerds.net got hacked"
In reply to: Luschinsky Vyacheslav: "Re: des instead of 3des"
Next in thread: Luschinsky Vyacheslav: "Re: des instead of 3des"
Reply: Luschinsky Vyacheslav: "Re: des instead of 3des"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Need help configuring Wireless Connection profile
... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
(microsoft.public.windowsxp.general)
RE: updates after format
... if the Microsoft Server is down. ... software you are installing has not passed Windows Logo testing verify its ... When you try to download an ActiveX control, install an update to Windows ... and you do not have the appropriate certificate in your Trusted Publishers ...
(microsoft.public.windows.mediacenter)
Re: Windows Update repeats
... You cannot install some updates or programs ... to a Windows component, install a service pack for Windows or for a Windows ... The Microsoft digital signature affirms that software has been tested with ... Publishers certificate store. ...
(microsoft.public.windowsupdate)
Re: sfc /scannow wont run
... or upgrade installs but I definitely know retail versions do. ... If you have Windows XP Pro installed then do not purchase a Windows XP Home ... This behavior can occur if the certificate for VeriSign time stamping ...
(microsoft.public.windowsxp.help_and_support)
RE: Double authentication (User & Machine) with VPN SSL
... If you've got Windows and IIS, ... server machine using the typical IPSec policy and normal IPSec certs. ... Double authentication with VPN SSL ... - our users will soon have a certificate in a USB token; ...
(Security-Basics)