[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES keys



Upon reading this a couple of more times:

>  In Photuris, all the keys are generated by hashing from the
>  shared-secret.  Assume the shared-secret length is 128-bits, and its
>  strength is therefore 64-bits.  But given MD5, its 128-bit length
>  birthday attack is also 64-bit strength.

>  So, I don't understand why one would use more than 128 bits for the
>  length of the shared-secret.  Why would the conservative advice be 256
>  bit length?

I see your point.  Yes, for a 128-bit MD5 key it is reasonable to
choose from a 64-bit space.  Hashing requires a different analysis than
encryption.  The difficulty of finding a collision for MD5 is about the
same whether the key is 64 or 128 bits.  Of course, with a 64 bit key,
the probability of there being a collision is reduced.



References: