[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 3DES keys
Upon reading this a couple of more times:
> In Photuris, all the keys are generated by hashing from the
> shared-secret. Assume the shared-secret length is 128-bits, and its
> strength is therefore 64-bits. But given MD5, its 128-bit length
> birthday attack is also 64-bit strength.
> So, I don't understand why one would use more than 128 bits for the
> length of the shared-secret. Why would the conservative advice be 256
> bit length?
I see your point. Yes, for a 128-bit MD5 key it is reasonable to
choose from a 64-bit space. Hashing requires a different analysis than
encryption. The difficulty of finding a collision for MD5 is about the
same whether the key is 64 or 128 bits. Of course, with a 64 bit key,
the probability of there being a collision is reduced.
References:
- Re: 3DES keys
- From: "William Allen Simpson" <bsimpson@morningstar.com>