Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 28 Feb 2001 09:36:27 -0500
On Tue, 27 Feb 2001 23:38:13 +0100, Rogier Wolff <R.E.Wolff () BITWIZARD NL> said:
Still, I remember that using triple-DES with three keys only had a complexity on the order of 2^112. No matter what you tried. Sure you can design super-duper-crypto scheme that uses a gigantic key, but as long as the resulting crypto only has 2^56 complexity to break, it doesn't have any real advantages over, say, DES. Anyway, I can't quickly find any hard online references to back this up.
I seem to remember Schneier's "Applied Cryptography" discussing this. In any case, the reason that triple-DES is limited to an *effective* 112 bits of key is that DES is a "group". To sum up multiple pages of math, this ends up meaning that although there may be 168 bits of keying material, there's "duplicate" keys (instead of 2^168 different keys, you actually have 2^112 groups of 2^56 equivalent keys). -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Nortel CES (3DES version) offers false sense of security when usi ng IPSEC spitko (Feb 26)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Tina Bird (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Rogier Wolff (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Dan Kaminsky (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Kent Borg (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Jack Lloyd (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Luciano Miguel Ferreira Rocha (Feb 28)
- Re: Nortel CES (3DES version) offers false sense ofsecuritywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 28)