The estimated strength of the encryption iscorresponds aroundto ca. 60-80 bits for commong symmetrical ciphers (see [http://www.faqs.org/rfcs/rfc3526.html RFC3526] chapter 8). This is quite low for today's standards but one has to keep in mind that this protocol wasn't designed as a secure transport protocol but as fast and efficient obfuscation method. [[Advanced Encryption Standard|AES]] was proposed as the encryption method but not adopted because it isconsumbed too slowmuch CPU time and the required D-H keys to achieve a security equal to AES would have been much bigger, making the handshake more expensive.
