[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clarification on 3DES transforms
I have questions on key generation for 3DES transform, which mode of 3DES we
should be standardizing on and number of keys we should be using. I would
appreciate the group's input on this.
1. I am assuming that we will support 3 key version and not 2 key version.
Is there any need for us to support 2 key version?
2. Do we need to give an option whether to use inner-CBC or outer-CBC or can
we assume that we will support only outer-CBC. According to Schneier,
inner-CBC is less secure against differential attacks but is faster to
implement as you can parallelize encryption.
3. We can generate the keys in multiple ways. I would like to get opinions
on the cryptographic strengths of the keys generated using these options:
Option 1:
--------
DES_Key_I = Truncate(MD5( D_Pad_I | K ),192)
DES_KEY_I1 = first 64 bits of DES_KEY_I
DES_KEY_I2 = second 64 bits of DES_KEY_I
DES_KEY_I3 = third 64 bits of DES_KEY_I
D_Pad_I = 0x5c repeated 64 times
DES_KEY_R = Truncate( MD5(D_Pad_R | K ), 192)
DES_KEY_R1 = first 64 bits of DES_KEY_R
DES_KEY_R2 = second 64 bits of DES_KEY_R
DES_KEY_R3 = third 64 bits of DES_KEY_R
D_Pad_R = 0x3a repeated 64 times
Option 2:
---------
DES_Key_I1 = Truncate(MD5( D_Pad_I1 | K ),64)
DES_Key_I2 = Truncate(MD5( D_Pad_I2 | K ),64)
DES_Key_I3 = Truncate(MD5( D_Pad_I3 | K ),64)
DES_Key_R1 = Truncate(MD5( D_Pad_R1 | K ),64)
DES_Key_R2 = Truncate(MD5( D_Pad_R2 | K ),64)
DES_Key_R3 = Truncate(MD5( D_Pad_R3 | K ),64)
where
D_Pad_I1 = 0x5C repeated 64 times
D_Pad_I2 = 0xA3 repeated 64 times
D_Pad_I3 = 0xCA repeated 64 times
D_Pad_R1 = 0x3A repeated 64 times
D_Pad_R2 = 0xA5 repeated 64 times
D_Pad_R3 = 0xC3 repeated 64 times
Thanks,
--Naganand
----------------------------------------------------------------
naganand@ftp.com
Tel #: (508)684-6743 (O)
Follow-Ups: