
Re: Short keys * Options, combinations, and negotiations => simplicity



Steven Kent writes, in two different postings:

> Providing a 3DES
> option for those users who do perceive a threat for which this algorithm
> and key size are appropriate, and for which the complementary security
> safeguards are consistent, is an appropriate means of accommodating a range
> of user requirements in a standard protocol.
and
> However, because more secure algorithms and longer key
> lengths often entail performance penalties, one should make an informed
> decision when selecting among multiple options.

The differential increase in computing power required to support greater key
lengths is far smaller than the increase in computing power required to
decrypt traffic using these longer key lengths (assuming brute force).

Given:
- That there are numerous potential interceptors, with a wide range of 
  financial means.
- The continuous increase in computing power, facilitating the use of 
  longer key lengths.
- That it is impossible for the IPSEC working group to envision who will need
  (or want) what level of encryption, now or in the future.
  
I think it would be prudent for us to make mandatory-to-implement strong
algorithms such as 3DES.  The existence of these algorithms in all IPSEC
implementations will ensure that those who have or feel a need for strong
cryptography will have the means available to them within IPSEC.  Those who
don't feel the need can still use single DES, which will also be available
in all implementations.

I encourage the group to make 3DES mandatory-to-implement.
I personally believe that 56-bit DES will become less used with time, and
agree with John that we must cull this and other short-keylength algorithms, 
or at least make stronger algorithms available just as widely as 56-bit DES.

-Arve.