Re: [Cfrg] What crypto algorithm is referenced most in RFCs?

Jon Callas <jon@callas.org> Mon, 20 June 2011 17:51 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 20, 2011, at 10:38 AM, Marshall Eubanks wrote:

> On this topic, has triple DES been deprecated yet ? I wouldn't feel comfortable recommending it for something new, but I don't think it's been shown the door yet.

No. 112-bit crypto of all sorts (another example is 2K RSA keys) is still acceptable.

I agree with you, I wouldn't use 3DES for anything new. But the major reason to avoid it isn't key size, it's block size. You should avoid anything with a smaller block than 128 bits.

	Jon



-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.10.0 (Build 554)
Charset: us-ascii

wj8DBQFN/4itsTedWZOD3gYRAtDaAKD+P4sz4cpvr7/s/JeWv6rI31+8uACgzrsX
H8E9kdTTiJXQPyMYxhZw3I0=
=5wHj
-----END PGP SIGNATURE-----
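
The message above does not spell out why block size matters; the standard argument is the birthday bound: with an n-bit block, repeated ciphertext blocks are expected after roughly 2^(n/2) blocks under one key, and in CBC mode each repeat reveals the XOR of two plaintext blocks. The sketch below is an added example, not part of the message or the thread, and its 16-bit Feistel cipher, key, IV and sample plaintext are constructed for the demonstration so that a collision appears quickly.

```python
import hashlib
import math
import random

def blocks_for_collision(block_bits, p=0.5):
    """Blocks encrypted under one key before a repeated ciphertext block has probability p."""
    return math.sqrt(2 * (2 ** block_bits) * math.log(1 / (1 - p)))

def _round_fn(key, rnd, half, half_bits):
    # Toy round function: truncated SHA-256 of key || round || half-block.
    d = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:4], "big") & ((1 << half_bits) - 1)

def toy_encrypt_block(key, block, block_bits=16, rounds=4):
    """Balanced Feistel permutation on block_bits-bit integers (a toy, NOT a real cipher)."""
    hb = block_bits // 2
    left, right = block >> hb, block & ((1 << hb) - 1)
    for r in range(rounds):
        left, right = right, left ^ _round_fn(key, r, right, hb)
    return (left << hb) | right

def cbc_encrypt(key, iv, plain_blocks, block_bits=16):
    out, prev = [], iv
    for p in plain_blocks:
        prev = toy_encrypt_block(key, p ^ prev, block_bits)
        out.append(prev)
    return out

def find_collision_leak(iv, cipher_blocks):
    """Return (i, j, P_i xor P_j) for the first repeated ciphertext block, else None."""
    chain = [iv] + cipher_blocks          # chain[k] is the block chained into position k
    seen = {}
    for j, c in enumerate(cipher_blocks):
        if c in seen:
            i = seen[c]
            # The cipher is a permutation, so C_i == C_j means the cipher inputs were
            # equal: P_i ^ C_{i-1} == P_j ^ C_{j-1}, hence P_i ^ P_j == C_{i-1} ^ C_{j-1}.
            return i, j, chain[i] ^ chain[j]
        seen[c] = j
    return None

def demo(n_blocks=70000, seed=2011):
    rng = random.Random(seed)             # constructed sample plaintext
    key, iv = b"constructed-demo-key", 0x1234
    plain = [rng.getrandbits(16) for _ in range(n_blocks)]
    cipher = cbc_encrypt(key, iv, plain)
    # 70000 > 2**16 blocks, so a repeat is guaranteed by the pigeonhole principle.
    i, j, leak = find_collision_leak(iv, cipher)
    return plain[i] ^ plain[j], leak, (i, j)

if __name__ == "__main__":
    print(demo(), blocks_for_collision(64), blocks_for_collision(128))
```

`blocks_for_collision(64)` comes out a little above 2^32 blocks, while for a 128-bit block the same figure is a little above 2^64.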