Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC
From: Rogier Wolff <R.E.Wolff () BITWIZARD NL>
Date: Tue, 27 Feb 2001 09:11:28 +0100
spitko () HOTMAIL COM wrote:
CES 1510D; D stands for domestic == 128 bits version). For some reason stickers on shipping package says 128 bit encryption and documentation states 168 bits (== 3*56 bits DES) encryption.
I don't know where people get their information, but tripple-DES uses a 112 bit key. How they can advertize 128, or even 168 bits of keys I don't know. Triple DES is triple because you run the plaintext through DES three times, however you use only two different keys. Why? There is a "meet in the middle" approach that allows you to figure out the keys on a "triple-DES-with-three-keys" in a brute-force attack of complexity 2^112. (*) So even if they don't do the standard triple-DES with two keys, they should only claim 112bit security, not one bit more. Now this "meet in the middle" attack is over my head. I haven't the foggiest how one would go about this. And it's been over 10 years since I last took a cryptography class. So, better trust the experts on this than me. Roger. (*) Remember a few years ago, some guys from Israel managed to "break" single-DES with a meet-in-the-middle attack. Turns out their attack is of complexity 2^56 (or thereabouts), even if the original DES would've used a 64 bit key instead of the 56bit key in the standard. -- ** R.E.Wolff () BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* * There are old pilots, and there are bold pilots. * There are also old, bald pilots.
Current thread:
- Nortel CES (3DES version) offers false sense of security when usi ng IPSEC spitko (Feb 26)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Tina Bird (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Rogier Wolff (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Dan Kaminsky (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Kent Borg (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Jack Lloyd (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Luciano Miguel Ferreira Rocha (Feb 28)