[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarification on 3DES transforms

To: Naganand Doraswamy <naganand@ftp.com>
Subject: Re: Clarification on 3DES transforms
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Date: Thu, 24 Oct 1996 20:50:52 -0400
Cc: ipsec@TIS.COM
In-Reply-To: naganand's message of Thu, 24 Oct 1996 18:55:48 -0400. <2.2.32.19961024225548.00bf114c@mailserv-H.ftp.com>
Sender: ipsec-approval@neptune.tis.com

> DES_Key_I  = Truncate(MD5( D_Pad_I | K ),192)
> DES_KEY_I1 = first 64 bits of DES_KEY_I
> DES_KEY_I2 = second 64 bits of DES_KEY_I
> DES_KEY_I3 = third 64 bits of DES_KEY_I

MD5 only produces 128 bits of output, so this is not going to work
very well ...  you can't produce I3 because DES_KEY_I only has 128
bits, and you've also wasted 16 bits of entropy because of the @!#^%^&
DES key parity.

Note that if you use SHA instead, you get 160 bits out.  If you use
the bits efficiently, you only need 168 (not 192).  Where do you find
the remaining 8 bits?

I'm not endorsing the second one, mind you; I want to hear what the
Real Cryptographers(tm) have to say about it..

					- Bill

Follow-Ups:

Re: Clarification on 3DES transforms

From: "C. Harald Koch" <chk@border.com>

References:

Clarification on 3DES transforms

From: Naganand Doraswamy <naganand@ftp.com>

Prev by Date: Clarification on 3DES transforms
Next by Date: Re: Clarification on 3DES transforms
Prev by thread: Clarification on 3DES transforms
Next by thread: Re: Clarification on 3DES transforms
Index(es):
- Main
- Thread