Re: 3DES with 40-bit key?
Sandy Harris <sandy.harris@sympatico.ca> Mon, 29 March 1999 22:29 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA02704; Mon, 29 Mar 1999 14:29:29 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id OAA18135 Mon, 29 Mar 1999 14:53:22 -0500 (EST)
Message-ID: <36FFDFBA.25D9D234@sympatico.ca>
Date: Mon, 29 Mar 1999 15:16:58 -0500
From: Sandy Harris <sandy.harris@sympatico.ca>
X-Mailer: Mozilla 4.5 [en]C-SYMPA (Win95; U)
X-Accept-Language: en,fr-CA
MIME-Version: 1.0
To: ipsec@lists.tislabs.com
Subject: Re: 3DES with 40-bit key?
References: <2.2.32.19990329184814.00f65de4@mailhost.hq.freegate.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Joe Tardo wrote: > So why not just use 3DES with the three identical keys, which is identical > to 56-bit DES? RFC 2451 does not allow that. For IPSEC, 3DES has 3 different keys. They're right, too. Your suggestion gives the worst of both worlds: the proven insecurity of single DES with the overheads of 3DES. For details, see the (expired) draft: http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ciph-des3-00.txt > Unappealing, and I'm not (necessarily) advocating this, but why is it any > different than, say, 'salted' RC4 schemes which have been approved for > export for years? These use the full 128-bit key size but reveal 88 bits in > the protocol. It isn't any different. There are lots of ways to weaken ciphers. The US and other governments will be happy with any weakening that lets them break the ciphers. For the arguments on why not to do this for the Internet, see RFC 1984. For free code that implements IPSEC with 3DES see either of: http://www.xs4all.nl/~freeswan for Linux http://www.kame.net for *BSD, from Japan I know of no export restrictions on either of these.
- 3DES with 40-bit key? Ari Huttunen
- Re: 3DES with 40-bit key? Jim Gillogly
- Re: 3DES with 40-bit key? Michael Schmidt
- Re: 3DES with 40-bit key? Ari Huttunen
- Re: 3DES with 40-bit key? Juha Heinanen
- Re: 3DES with 40-bit key? Henry Spencer
- Re: 3DES with 40-bit key? Mike Carney
- Re: 3DES with 40-bit key? Paul Koning
- Re: 3DES with 40-bit key? Jim Gillogly
- Re: 3DES with 40-bit key? Henry Spencer
- Re: 3DES with 40-bit key? Tolga Acar
- Re: 3DES with 40-bit key? Rodney Thayer
- Re: 3DES with 40-bit key? Dave Perks
- Re: 3DES with 40-bit key? Sandy Harris
- Re: 3DES with 40-bit key? Joe Tardo
- Re: 3DES with 40-bit key? Paul Koning
- Re: 3DES with 40-bit key? Sandy Harris
- RE: 3DES with 40-bit key? Gary Hines
- Re: 3DES with 40-bit key? Henry Spencer
- RE: 3DES with 40-bit key? Scott Baldwin
- Re: 3DES with 40-bit key? Niklas Hallqvist
- Re: 3DES with 40-bit key? David Jablon
- Re: 3DES with 40-bit key? Ari Huttunen
- Re: 3DES with 40-bit key? John Ioannidis
- Re: 3DES with 40-bit key? Paul Koning