RE: Security Use Requirements
Michael Eisler <mre@zambeel.com> Thu, 08 February 2001 02:56 UTC
Received: from ece.cmu.edu (ECE.CMU.EDU [128.2.236.200]) by ietf.org (8.9.1a/8.9.1a) with SMTP id VAA15527 for <ips-archive@odin.ietf.org>; Wed, 7 Feb 2001 21:56:54 -0500 (EST)
Received: (from majordom@localhost) by ece.cmu.edu (8.11.0/8.10.2) id f180xUM02881 for ips-outgoing; Wed, 7 Feb 2001 19:59:30 -0500 (EST)
X-Authentication-Warning: ece.cmu.edu: majordom set sender to owner-ips@ece.cmu.edu using -f
Received: from xchange.zambeel.com ([63.89.188.10]) by ece.cmu.edu (8.11.0/8.10.2) with ESMTP id f180x2H02861 for <ips@ece.cmu.edu>; Wed, 7 Feb 2001 19:59:02 -0500 (EST)
Received: by exchange.zambeel.com with Internet Mail Service (5.5.2650.21) id <CR9GD35A>; Wed, 7 Feb 2001 16:58:54 -0800
Received: from frostback (10.0.1.120 [10.0.1.120]) by xchange.zambeel.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id CR9GD3Z9; Wed, 7 Feb 2001 16:58:48 -0800
From: Michael Eisler <mre@zambeel.com>
Reply-To: Michael Eisler <mre@zambeel.com>
To: ips@ece.cmu.edu
Date: Wed, 07 Feb 2001 16:55:59 -0800
Subject: RE: Security Use Requirements
In-Reply-To: "Your message with ID" <5.0.0.25.2.20010207155733.00a63d00@10.30.15.2>
Message-ID: <Roam.SIMC.2.0.6.981593759.11529.mre@zambeel.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET="US-ASCII"
Sender: owner-ips@ece.cmu.edu
Precedence: bulk
Why use DES, which is slow for software implementations, when AES is there, is fast, and has little dispute about its safety? draft-ietf-ipsec-ciph-aes-cbc-01.txt proposes a means for using AES in IPsec. draft-ietf-tls-ciphersuite-03.txt proposes a means for using AES in TLS. 3DES is really, really slow for software to the point of being impractical. While one can always mandate it for implementation, in practice I doubt any customer using a software 3DES over ips will want to use it. -mre > At 15:20 07/02/01, Joshua Tseng wrote: > > >It's often been said that the only thing worse than NO SECURITY > >is the ILLUSION of security. > > Some security keeps the kiddies away, no security doesn't. > I'd much rather have DES-CBC than nothing, because it visibly > increases the work function for the adversary. > > >Single DES is known to be cracked. > > That is a false statement. It hasn't been cracked. The best > attack known in the public literature is Biham-Shamir, which > requires ~O(2^^56) operations and some non-trivial preconditions. > There have been some specific brute-force attacks on DES that worked, > but they weren't real-time attacks and required a significant amount > of computational power. > > I'm not arguing against 3DES in preference to DES-CBC, but it > is just wrong to claim either that DES-CBC is cracked or > that running in the clear is better than running with DES-CBC > (assumes reasonable cryptographic authentication in all cases). > Note also that my comments are constrained to what is in the > published literature... > > Ran > rja@inet.org > >
- RE: Security Use Requirements Bernard Aboba
- Re: Security Use Requirements David Robinson
- Re: Security Use Requirements (and security issue… Glen Turner
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements (and security issue… Bernard Aboba
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements RJ Atkinson
- RE: Security Use Requirements Michael Eisler
- Re: Security Use Requirements Sean Quinlan
- RE: Security Use Requirements RJ Atkinson
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements John Hufferd
- Re: Security Use Requirements David Robinson
- RE: Security Use Requirements Scott Bradner
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Douglas Otis
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements Bernard D. Aboba
- RE: Security Use Requirements John Hufferd
- RE: Security Use Requirements Michael Eisler
- RE: Security Use Requirements RJ Atkinson
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements Scott Bradner
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Douglas Otis
- RE: Security Use Requirements Michael Krause
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements Michael Eisler
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements Douglas Otis
- RE: Security Use Requirements RJ Atkinson
- RE: Security Use Requirements Michael Eisler
- RE: Security Use Requirements Scott Bradner
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements RJ Atkinson
- RE: Security Use Requirements Douglas Otis
- RE: Security Use Requirements Michael Eisler
- RE: Security Use Requirements Joshua Tseng
- Security Use Requirements Black_David
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements Michael Eisler
- RE: Security Use Requirements julian_satran
- RE: Security Use Requirements Bernard Aboba
- Re: Security Use Requirements [specifically: hard… csapuntz
- RE: Security Use Requirements Black_David
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements Joshua Tseng
- RE: Security Use Requirements Douglas Otis
- Re: Security Use Requirements David Robinson
- RE: Security Use Requirements Douglas Otis
- RE: Security Use Requirements John Hufferd
- RE: Security Use Requirements Bernard Aboba
- RE: Security Use Requirements Dan Eakins
- RE: Security Use Requirements julian_satran