Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of security when using IPSEC
From: Dan Kaminsky <dankamin () CISCO COM>
Date: Tue, 27 Feb 2001 22:00:23 -0800
> I don't know where people get their information, but triple-DES uses a 112 bit key. How they can advertise 128, or even 168 bits of keys I don't know.

3DES uses a 168 bit key. Not 128, not 112, not anything else. The problem is that, in crypto, not all bits are created equal--note the mass confusion over the asymmetric keyspaces--"Wait, 512 bits are *less* than 128 bits?"

Essentially, 3DES is referred to as 128 bits because it possesses equivalent strength to more modern ciphers that have a 128 bit keyspace. The meet in the middle attack reduces the complexity to 2^112, but the assurance over time (as the most widely attacked cryptographic algorithm in existence) raises the quality to an "equivalent" 128 bit.

It's ugly, and blame the marketers for it--but on the flip side, it's better than hearing about how 168 bit 3DES is actually only two thirds its apparent strength, which numerically makes it less trustworthy than (say) 128 bit RC4. In the great pantheon of marketing hacks, calling 3DES 128 bit absolutely *pales* in comparison.

Yours Truly,
Dan Kaminsky, CISSP
Cisco Systems, Inc.
http://www.doxpara.com
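As an added illustration (not part of the original post), here is the meet-in-the-middle idea the message refers to, run against a constructed toy cipher with 8-bit keys: double encryption under two independent keys is recovered with about 2 x 2^8 cipher calls instead of 2^16, the same table-and-match trade that takes three-key 3DES from 168 bits of key to 2^112 work. The cipher, its key and block sizes, and every function name are assumptions made for this example.

```python
# Added illustration: meet-in-the-middle against a constructed toy cipher.
# The cipher, its 8-bit key size and all names are assumptions for this example.
from collections import defaultdict

KEY_BITS = 8                      # toy key size per stage (DES uses 56)
MASK = 0xFFFF                     # 16-bit toy block
MUL = 0x6487                      # odd, so invertible mod 2**16
MUL_INV = pow(MUL, -1, 1 << 16)   # modular inverse (Python 3.8+)

def _round_keys(k):
    return [(((k << 8) | k) ^ (r * 0x3C6F)) & MASK for r in range(4)]

def _rotl(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK

def encrypt(k, block):
    for rk in _round_keys(k):
        block = _rotl(((block ^ rk) * MUL) & MASK, 7)
    return block

def decrypt(k, block):
    for rk in reversed(_round_keys(k)):
        # rotl by 9 undoes rotl by 7 on a 16-bit word
        block = ((_rotl(block, 9) * MUL_INV) & MASK) ^ rk
    return block

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (candidate (k1, k2) pairs, cipher calls spent in the meet phase)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table, ops = defaultdict(list), 0
    for k1 in range(1 << KEY_BITS):          # forward half: 2**KEY_BITS calls
        table[encrypt(k1, p0)].append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):          # backward half: 2**KEY_BITS calls
        ops += 1
        for k1 in table.get(decrypt(k2, c0), ()):
            # Middle values matched; confirm on the remaining known pairs.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops

if __name__ == "__main__":
    # Constructed known-plaintext pairs under the constructed keys 0x3A, 0xC5.
    known = [(p, double_encrypt(0x3A, 0xC5, p)) for p in (0x0001, 0x1234, 0xBEEF)]
    print(meet_in_the_middle(known))
```

The price of the shortcut is memory: the forward table holds one entry per first-stage key, which is why the attack on real 3DES is a complexity bound rather than a practical break.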