Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of security when using IPSEC
From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Wed, 28 Feb 2001 18:26:30 +0100
So, I need 56+59 = 115 bits of security to approve an algorithm for my protocol. If 3DES is advertized as having 168 bit security, I'd happily go for 3DES: 53 bits to spare! However, since 3DES only has 112 bit strength (even when keyed with 168 bits), this decision is wrong! This is why it is important that if 3DES has 112 bit security, it is advertized as such, even when now 112 bits is just as impractical for us as 168 bits.
I find this a really odd way of looking at things. Being conservative about the computing power needed is one thing, but requiring protocols to be advertised on their currently "known strength" is rather odd. Wasn't DES cryptanalyzed back to 48 or 46 bits? I also believe that getting to 112 bits in 20 years is overly optimistic; and bruteforcing 3DES is considerably harder than just brute forcing any odd 112 algorithm. Especially when compared to an algorithm like RC4 which has proven to be harder to use safely than other equally strong algorithms.

Casper