Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC
From: Kent Borg <kentborg () BORG ORG>
Date: Wed, 28 Feb 2001 13:47:18 -0000
Rogier Wolff <R.E.Wolff () BITWIZARD NL> wrote (or possibly quoted someone else):
The use of double and triple encryption does not always provide the additional security that might be expected.
Yes, but an additional step of independent encryption (using a completely unrelated key) should not weaken a good crypto algorithm. For if it did, an attacker could take a message s/he is trying to crack and encrypt it one more time before trying to crack it. I think the problem with 112-bit double-DES was not that it was weaker than single-DES, it was that it wasn't stronger. Even the most stupid substitution cypher--when used with a completely independent key--doesn't weaken previous layers of slightly competent encryption.
RSA partially backs me up by saying that SOME triple-DES methods are of a lower complexity than what might be expected from the raw keysize.
Yes. The simple substitution cypher adds no futher security even if its "key" pretends to be several bits long. But neither does it make the total security any weaker. Once related keys are used, the situation is quite different: feeding fewer than 3X-bits into triple-anything, should only be done very carefully. -kb, the Kent who encoded this message in rot-13, and, for *extra* security, encoded it the same way a second time.
Current thread:
- Nortel CES (3DES version) offers false sense of security when usi ng IPSEC spitko (Feb 26)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Tina Bird (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Rogier Wolff (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Dan Kaminsky (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Kent Borg (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Jack Lloyd (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Luciano Miguel Ferreira Rocha (Feb 28)
- Re: Nortel CES (3DES version) offers false sense ofsecuritywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 28)