Bugtraq mailing list archives
Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC
From: Jack Lloyd <lloyd () ACM JHU EDU>
Date: Wed, 28 Feb 2001 13:14:32 -0500
Similarly: 3DES isn't stronger than 112 bits. I'm not claiming that 3DES is weaker than 112 bits. I claim that some smart people found that cracking 3DES requires only on the order of 2^112 operations,
2^112 operations, given 2^56 blocks of memory. Since DES has an 8 byte block, that's 512 petabytes. That's a lot of memory, at least in my book.
and that keying 3DES with 112bits of significant key was possible, and that therefore it is useless to use 3DES with more than 112 bits of key. Why is DES keyed with 56 bits, and not 64? Nobody seemed to know until a few years ago someone showed that keyed with 56 or 64 bits, cryptanalysis of DES requires 2^56 operations. The same should be done with 3DES: If cryptanalysis can be done in 2^112 operations, it should be keyed with 112 bits, and not with an arbitrarily higher number.
3DES keyed with 112 bits of key can be broken with 2^56 operations and 2^56 memory, which is much easier than the 2^112 operations and 2^56 memory that is required to break 3DES with a 168 bit key. Jack
Current thread:
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC, (continued)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Tina Bird (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Rogier Wolff (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of security when usi ng IPSEC Dan Kaminsky (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 27)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Valdis Kletnieks (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Kent Borg (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Rogier Wolff (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Jack Lloyd (Feb 28)
- Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC Luciano Miguel Ferreira Rocha (Feb 28)
- Re: Nortel CES (3DES version) offers false sense ofsecuritywhen usi ng IPSEC MCKILLICAN, DONALD (Feb 28)