[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

What price security?

To: uri@watson.ibm.com
Subject: What price security?
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 19 Jun 1997 15:50:42 -0400
cc: trei@process.com, ipsec@tis.com
In-reply-to: Your message of "Thu, 19 Jun 1997 12:29:08 EDT." <9706191629.AA25553@hawpub.watson.ibm.com>
Reply-To: perry@piermont.com
Sender: owner-ipsec@ex.tis.com

Uri Blumenthal writes:
> What to do depends on how close to DEs you want to stay. There
> is DES/SK (in which I have personal interest, as this mod was
> designed by me and Steve Bellovin) - it will deny brute force
> and make diff/lin attacks more difficult (but not impossible).
> There's 3DES for those who don't want to change a single bit
> of DES spec (which may or may not be wise, considering the
> price paid)...

I used to think that 3DES and other algorithms like it were "too
expensive".

Extensive day to day use of SSH taught me otherwise. I 3DES encrypt
ALL my network traffic these days -- backups, remote logins, the works
-- and I never notice the speed loss.

Actually working with implementations often teaches one things one
wouldn't have suspected from a theoretical viewpoint. My guess is that
3DES is only too expensive if you are trying to push a lot of data
through an old embedded microprocessor based system where you just
don't have the juice to do the work. On anything remotely modern, or
anything where you aren't pumping lots of data (and hypothetical SNMP
enabled lightbulbs aren't going to be pushing lots of data), you will
not notice the overhead.

Perry

Follow-Ups:

Re: What price security?

From: Uri Blumenthal <uri@watson.ibm.com>

Re: What price security?

From: Phil Karn <karn@Qualcomm.com>

References:

Re: DES-CBC brute forced.

From: Uri Blumenthal <uri@watson.ibm.com>

Prev by Date: Re: isakmp/doi questions: fine-grained keying..
Next by Date: Re: What price security?
Next by thread: Re: New draft -- IPSEC AH
Index(es):
- Main
- Thread