Weak DES keys

Karl Fox <karl@Ascend.COM> Fri, 12 September 1997 19:59 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id PAA09776 for ipsec-outgoing; Fri, 12 Sep 1997 15:59:09 -0400 (EDT)
Date: Fri, 12 Sep 1997 13:07:57 -0700
Message-Id: <199709122007.NAA11363@gump.eng.ascend.com>
From: Karl Fox <karl@Ascend.COM>
To: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>
Cc: ipsec@tis.com
Subject: Weak DES keys
In-Reply-To: <199709121939.PAA27376@istari.sandelman.ottawa.on.ca>
References: <199709121828.LAA13256@kebe.eng.sun.com> <199709121939.PAA27376@istari.sandelman.ottawa.on.ca>
Reply-To: Karl Fox <karl@Ascend.COM>
Organization: Ascend Communications
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Michael C. Richardson writes:
>   If we return fail, then I'd say that we just
> pretend we never did anything and try again. That works, is algorithm
> independant, and removes all weak key checks from the key manager.

Another nice thing about this approach is that not only is it hard to
get wrong, even those who do get it wrong will still interoperate.
Karl Fox, servant of God, employee of Ascend Communications
655 Metro Place South, Suite 370, Dublin, Ohio  43017   +1 614 760 4041