Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of security when using IPSEC
From: Rogier Wolff <R.E.Wolff () BITWIZARD NL>
Date: Tue, 27 Feb 2001 23:38:13 +0100
MCKILLICAN, DONALD wrote:
> Rogier Wolff wrote:
> > I don't know where people get their information, but triple-DES uses
> > a 112 bit key. How they can advertise 128, or even 168 bits of keys I
> > don't know.
>
> In fact, there are a number of different modes for TripleDES. Some of
> them use one key, some of them use two, and some use three. A commonly
> used example of the last named is DES-EDE3. See, for instance,
> <http://www.crypto.nkfurst.edu.tw/infosec/faq/html/3-2-6.html> for more
                        ^^^ remove that R in the URL.
> precise explanations.

Still, I remember that using triple-DES with three keys only had a
complexity on the order of 2^112. No matter what you tried. Sure you
can design a super-duper-crypto scheme that uses a gigantic key, but as
long as the resulting crypto only has 2^56 complexity to break, it
doesn't have any real advantages over, say, DES.

Anyway, I can't quickly find any hard online references to back this
up. http://www.rsasecurity.com/rsalabs/faq/3-2-6.html hints at a
possible problem:

    The use of double and triple encryption does not always provide
    the additional security that might be expected.

So: I claim that I heard that "all triple-DES keying with three keys
have complexity of 2^112 or less. It gives only a false sense of
security if you key your triple-des with more than 112 bits".

RSA partially backs me up by saying that SOME triple-DES methods are
of a lower complexity than what might be expected from the raw
keysize.

Note that searching for "triple DES" on the net leads to plenty of
references, which claim for instance 192 bits of keyspace, showing a
fundamental misunderstanding with DES.

                Roger.

--
** R.E.Wolff () BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* There are old pilots, and there are bold pilots.
* There are also old, bald pilots.
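
The 2^112 figure for three-key triple encryption discussed in this message comes from a meet-in-the-middle search. The following is an added example, not part of the original post: it runs that search against a constructed toy Feistel cipher with 8-bit keys standing in for DES's 56-bit keys (the cipher, key values and function names are assumptions made for illustration).

```python
# Toy 32-bit Feistel cipher with an 8-bit key (constructed for this example;
# it is NOT DES). KEY_BITS = 8 stands in for DES's 56-bit single key.
KEY_BITS = 8
KEYS = range(1 << KEY_BITS)

def _f(half, key, rnd):
    x = (half ^ (key * 0x0101) ^ (rnd * 0x3C6E)) & 0xFFFF
    x = (x * 0x9E37 + 0x79B9) & 0xFFFF
    return x ^ (x >> 7)

def enc(key, block):
    l, r = block >> 16, block & 0xFFFF
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def dec(key, block):
    l, r = block >> 16, block & 0xFFFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def triple_enc(k1, k2, k3, p):
    # Three independent keys applied in sequence.
    return enc(k3, enc(k2, enc(k1, p)))

def meet_in_the_middle(pairs):
    """Recover (k1, k2, k3) from known plaintext/ciphertext pairs.
    Returns (candidate keys, cipher operations spent in the search loops)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                      # D_k3(c0) -> [k3]; 2^KEY_BITS entries
    for k3 in KEYS:
        table.setdefault(dec(k3, c0), []).append(k3)
    work, found = len(KEYS), []
    for k1 in KEYS:                 # 2^(2*KEY_BITS) (k1, k2) combinations
        a = enc(k1, p0)
        work += 1
        for k2 in KEYS:
            work += 1
            for k3 in table.get(enc(k2, a), ()):
                # Confirm on the remaining pairs to discard false matches.
                if all(triple_enc(k1, k2, k3, p) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, work

if __name__ == "__main__":
    secret = (0x3A, 0xC5, 0x7E)                  # constructed key triple
    pts = [0x01234567, 0x89ABCDEF, 0x0BADF00D]   # constructed plaintexts
    pairs = [(p, triple_enc(*secret, p)) for p in pts]
    found, work = meet_in_the_middle(pairs)
    print(found, work, "vs raw key space", 1 << (3 * KEY_BITS))
```

The search touches about 2^16 key combinations plus a 2^8-entry table instead of the 2^24 raw key space. Scaled to 56-bit keys, the same counts are about 2^112 operations and 2^56 table entries against a 2^168 raw key space.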