[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

What price security?

Uri Blumenthal writes:
> What to do depends on how close to DEs you want to stay. There
> is DES/SK (in which I have personal interest, as this mod was
> designed by me and Steve Bellovin) - it will deny brute force
> and make diff/lin attacks more difficult (but not impossible).
> There's 3DES for those who don't want to change a single bit
> of DES spec (which may or may not be wise, considering the
> price paid)...

I used to think that 3DES and other algorithms like it were "too

Extensive day to day use of SSH taught me otherwise. I 3DES encrypt
ALL my network traffic these days -- backups, remote logins, the works
-- and I never notice the speed loss.

Actually working with implementations often teaches one things one
wouldn't have suspected from a theoretical viewpoint. My guess is that
3DES is only too expensive if you are trying to push a lot of data
through an old embedded microprocessor based system where you just
don't have the juice to do the work. On anything remotely modern, or
anything where you aren't pumping lots of data (and hypothetical SNMP
enabled lightbulbs aren't going to be pushing lots of data), you will
not notice the overhead.


Follow-Ups: References: