
Re: IPv6 Security Last Call Initial Questions

Theodore Ts'o says:
> IP issues aside, what's the strength of CDMF?  My understanding of 40
> bit RC4 is that it doesn't give away anything about the NSA's ability to
> crack cyphers.  40-bit RC4 is reportedly quite easy for anyone to
> cryptanalyze.

Let's see - it's 56 bits in, internally weakened to 40. So overall
strength is 40 bits - but you can't just mount a brute-force attack.
But why trust me - look it up and decide for yourself!

> If CDMF is similarly weak, what's the point of using it at all?

Well, it's only 40 bits strong. I don't think it's as weak as 40-bit RC4.
Under today's laws, even this was quite a bitch to get exportable. I can't
see how anything better will be exportable, unless the regulations change.
So if being exportable is your goal - you'll have to balance the security
requirements (yes, DES with subkeys provided by a pseudo-random generator is
more secure - but you'll never export it, ever) with your other constraints,
like can you afford a product that is stuck within the USA?

My answer to your question would be - I'd use CDMF if being exportable were
more important for me than being absolutely unbreakable. I realize that it
is impossible to satisfy both under current laws. Sacrifice - you choose.
Uri         uri@watson.ibm.com      N2RIU