[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 Security Last Call Initial Questions

To: tytso@MIT.EDU (Theodore Ts'o)
Subject: Re: IPv6 Security Last Call Initial Questions
From: uri@watson.ibm.com
Date: Wed, 29 Mar 1995 16:12:25 -0500 (EST)
Cc: atkinson@itd.nrl.navy.mil, ipsec@ans.net
In-Reply-To: <9503292041.AA01462@dcl.MIT.EDU> from "Theodore Ts'o" at Mar 29, 95 03:41:39 pm
Reply-To: uri@watson.ibm.com

Theodore Ts'o says:
> IP issues aside, what's the strength of CDMF?  My understanding of 40
> bit RC4 is that it doesn't give away anything about the NSA's ability to
> crack cyphers.  40-bit RC4 is reportedly quiet easy for anyone to
> cryptoanalyze.

Let's see - it's 56 bits in, internally weakened to 40. SO overall
strength is 40 bits - but you can't just mount brute-force attack.
But why trust me - look it up and decide for yourself!

> If CDMF is similarily weak, what's the point of using it at all?

Well, it's only 40 bits strong. I don't think it's as weak as 40-bits RC4.
Under today's laws, even this was quite a bitch to get exportable. I can't
see how anything better will be exportable, unless the regulations change.
So if being exportable is your goal -  you'll have to balance the security
requirements (yes, DES with subkeys provided by pseudo-random generator is
more secure - but you'll never export it, ever) with your other constrains,
like can you afford a product, that is stuck witnin USA?

My answer to your question would be - I'd use CDMF if being exportable were
more important for me, than being absolutely unbreakable. I realize that it
is impossible to satisfy both under current laws. Sacrifice - you choose.
--
Regards,
Uri         uri@watson.ibm.com      N2RIU
===========
<Disclamer>

Prev by Date: Re: MD5 versus SHA -Reply
Next by Date: Re: MD5 versus SHA -Reply
Prev by thread: Re: IPv6 Security Last Call Initial Questions
Next by thread: Re: IPv6 Security Last Call Initial Questions
Index(es):
- Main
- Thread