Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC

From: "L.W." <eldub () POBOX COM>
Date: Tue, 27 Feb 2001 15:53:21 -0800
----- Original Message -----
From: "Rogier Wolff" <R.E.Wolff () BITWIZARD NL>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Tuesday, February 27, 2001 12:11 AM
Subject: Re: Nortel CES (3DES version) offers false sense of security when
usi ng IPSEC



I don't know where people get their information, but tripple-DES uses
a 112 bit key. How they can advertize 128, or even 168 bits of keys I
don't know.

Triple DES is triple because you run the plaintext through DES three
times, however you use only two different keys.


Hmm...

According to FIPS 46-3 (which is a good place to get information on triple
DES), there are three keying modes:

The standard specifies the following keying options for bundle (K1, K2, K3)
1. Keying Option 1: K1, K2 and K3 are independent keys;
2. Keying Option 2: K1 and K2 are independent keys and K3 = K1;
3. Keying Option 3: K1 = K2 = K3.

This means that 56bit, 112bit, and 168bit keys are all valid key lengths.

-LW
Previous By Date Next
Previous By Thread Next

Current thread: