Bugtraq mailing list archives

Re: Nortel CES (3DES version) offers false sense of security when using IPSEC


From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Wed, 28 Feb 2001 14:33:06 -0800

This was fun for the first, oh, five mails, and then it got rather old.
No, well, it was never actually fun. Arguing about whether you should do
3DES with two or three keys is all quite interesting but rather academic.
Yes, the three-key problem can be reduced to about the same difficulty in
time (operations) as the two-key problem, but requires an unrealistic
amount of memory that makes the attack pretty much infeasible in the real
world... But the fact the attack exists at all and that a two-key algorithm
can be designed to act as the single-key one when the same key is used both
times make it somewhat appealing.

The bottom line: Who friggin' cares? Unless you are a foreign government
hiding data from NSA or one of its counterparts, no one who has the means
cares enough to bust DES for your data, let alone two- or three-key 3DES.
More importantly, show me _any_ application where two- or three-key 3DES
is the weakest link in the security. There are much more important issues
for most people in this audience to be toiling over than arguing how many
"equivalent bits" of protection a particular algorithm provides.

This is rapidly approaching an appeal to the moderator to mercifully end
the thread.
--
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.

