Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of security when using IPSEC
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Wed, 28 Feb 2001 14:33:06 -0800
This was fun for the first, oh, five mails, and then it got rather old. No, well, it was never actually fun.

Arguing about whether you should do 3DES with two or three keys is all quite interesting but rather academic. Yes, the three-key problem can be reduced to about the same difficulty in time (operations) as the two-key problem, but requires an unrealistic amount of memory that makes the attack pretty much infeasible in the real world... But the fact the attack exists at all and that a two-key algorithm can be designed to act as the single-key one when the same key is used both times make it somewhat appealing.

The bottom line: Who friggin' cares? Unless you are a foreign government hiding data from NSA or one of its counterparts, no one who has the means cares enough to bust DES for your data, let alone two- or three-key 3DES. More importantly, show me _any_ application where two- or three-key 3DES is the weakest link in the security. There are much more important issues for most people in this audience to be toiling over than arguing how many "equivalent bits" of protection a particular algorithm provides.

This is rapidly approaching an appeal to the moderator to mercifully end the thread.

--
Crist J. Clark
Network Security Engineer
crist.clark () globalstar com
Globalstar, L.P.