Bugtraq mailing list archives

Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 28 Feb 2001 11:32:57 -0500

On Wed, 28 Feb 2001 09:36:27 EST, Valdis Kletnieks <Valdis.Kletnieks () VT EDU>  said:

I seem to remember Schneier's "Applied Cryptography" discussing this.  In any
case, the reason that triple-DES is limited to an *effective* 112 bits
of key is that DES is a "group".  To sum up multiple pages of math, this


Moral. Always proofread it *again*.  The math follows from the fact
that DES is *NOT* a group.  I've already had 2 people notice I missed
the '*NOT*'. ;(

/Valdis (who needs to double-check his caffeine content before hitting send)

Attachment: _bin
Description:

Current thread:

Nortel CES (3DES version) offers false sense of security when usi ng IPSEC spitko (Feb 26)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Tina Bird (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Rogier Wolff (Feb 27)
  - Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Dan Kaminsky (Feb 27)
  - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
    - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
    - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 27)
    - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
    - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
    - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Kent Borg (Feb 28)
    - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 28)
    - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Jack Lloyd (Feb 28)
    - Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Luciano Miguel Ferreira Rocha (Feb 28)
    - Re: Nortel CES (3DES version) offers false sense ofsecuritywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 28)
  - Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC L.W. (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Anton Rager (Feb 27)