Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nortel CES (3DES version) offers false sense of securitywhen usi ng IPSEC

From: Jack Lloyd <lloyd () ACM JHU EDU>
Date: Wed, 28 Feb 2001 13:14:32 -0500
Similarly: 3DES isn't stronger than 112 bits. I'm not claiming that
3DES is weaker than 112 bits. I claim that some smart people found
that cracking 3DES requires only on the order of 2^112 operations,


2^112 operations, given 2^56 blocks of memory. Since DES has an 8 byte
block, that's 512 petabytes. That's a lot of memory, at least in my book.


and that keying 3DES with 112bits of significant key was possible, and
that therefore it is useless to use 3DES with more than 112 bits of
key.

Why is DES keyed with 56 bits, and not 64? Nobody seemed to know until
a few years ago someone showed that keyed with 56 or 64 bits,
cryptanalysis of DES requires 2^56 operations. The same should be done
with 3DES: If cryptanalysis can be done in 2^112 operations, it should
be keyed with 112 bits, and not with an arbitrarily higher number.


3DES keyed with 112 bits of key can be broken with 2^56 operations and
2^56 memory, which is much easier than the 2^112 operations and 2^56
memory that is required to break 3DES with a 168 bit key.

Jack
Previous By Date Next
Previous By Thread Next

Current thread: