IETF Logo Mail Archive

Re: NIST publishes new DSA draft

Jon Callas <jon@callas.org> Mon, 27 March 2006 20:24 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FNyGZ-0002lW-Cp for openpgp-archive@lists.ietf.org; Mon, 27 Mar 2006 15:24:43 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FNyGX-0007fc-Rb for openpgp-archive@lists.ietf.org; Mon, 27 Mar 2006 15:24:43 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2RK0TDN083228; Mon, 27 Mar 2006 13:00:29 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k2RK0TUD083227; Mon, 27 Mar 2006 13:00:29 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2RK0T0Z083197 for <ietf-openpgp@imc.org>; Mon, 27 Mar 2006 13:00:29 -0700 (MST) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7); Mon, 27 Mar 2006 12:00:24 -0800
Received: from [63.251.255.205] ([63.251.255.205]) by keys.merrymeet.com (PGP Universal service); Mon, 27 Mar 2006 12:00:24 -0800
X-PGP-Universal: processed; by keys.merrymeet.com on Mon, 27 Mar 2006 12:00:24 -0800
In-Reply-To: <44267719.1060302@algroup.co.uk>
References: <20060314194447.4D59A57FB0@finney.org> <20060316192823.GA9945@jabberwocky.com> <441ACF45.704@systemics.com> <87fylhdq36.fsf@wheatstone.g10code.de> <20060317174937.GC13241@jabberwocky.com> <3C3EAEDD-7724-4E92-AA3C-49B5B2E6F3F9@callas.org> <44267719.1060302@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v746.3)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <C6620F59-F7F1-498E-B999-9BB08715395F@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: NIST publishes new DSA draft
Date: Mon, 27 Mar 2006 12:00:20 -0800
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.746.3)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5

On 26 Mar 2006, at 3:12 AM, Ben Laurie wrote:

> Jon Callas wrote:
>>
>> I think we ought to keep it with the same algorithm number.
>>
>> I'm happy to put in SHA-224 (meaning it's trivial work), but I don't
>> like it, myself. The reason is that SHA-224 is really a truncated
>> SHA-256. Thus, it has no advantages over SHA-256 except being  
>> smaller by
>> 32-bits with 112 bits of security. The reason it exists at all is for
>> crypto-balance with 2-key 3DES (which is not TDEA), which we don't  
>> allow
>> at all.
>
> <pedantic>
>
> 3-key DES also has a strength of 112 bits.
>
> </pedantic>
>

There are certainly good arguments for that, but if 3-key 3DES is no  
stronger than 2-key, then there shouldn't be any harm in dropping the  
third key. Right? If you don't like this idea (that 2-key and 3-key  
are equivalent), which I don't, then 3-key must be some stronger. It  
just isn't easy to know how much more.

I wrote a long thing on this a couple years ago at:

<http://searchsecurity.techtarget.com/tip/ 
1,289483,sid14_gci968714,00.html?track=NL-102&ad=486202>

	Jon

v2.23.0 | Report a Bug | By Email