[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DES-XEX3 was: A little social engineering
Goodness, a lot of traffic the past two days!
> From: "Perry E. Metzger" <firstname.lastname@example.org>
> Rich Graveman writes:
> > However, even having read the last two days' comments about performance,
> > I think we should take time to consider DESX, which also appears to have
> > the advantages above at single DES performance.
> If I remember correctly DESX just "whitens" DES with a repeated XOR of
> each block against a static key value. My gut instinct is that I don't
> trust that much. I think of it as multiple encryption of DES and a
> repeated XOR pad, and certainly given that the repeated XOR pad alone
> is completely trivial to break, I'm not sure why I would trust the
> combination of DES with a trivial algorithm...
> Anyway, it doesn't give me comfort.
My memory (from Schneier, Byte, and CryptoBytes) is that this extends
the DES 56-bits key strength up to about 120-bits for brute-force, and
boosts the chosen plaintexts from 2**47 to 2**60 for differential.
Even if my memory is slightly wrong on the numbers, but that's pretty
good for a tiny amount of effort, and probably worthwhile.
Also, the old Photuris attribute extensions -02 draft had numerous
attributes defined so that ESP could be negotiated with all the subtle
variations, without defining a slew of transforms. In Photuris, you
would simply negotiate: ESP, XOR, DES-CBC, XOR.
Never-the-less, Oakley is not as flexible, so I've agreed to write up
DES-XEX3-CBC for ANX Security. Should be ready by tomorrow.
If you'd read draft-simpson-ipsec-enhancement-01.txt, you'll note we
list several alternatives. One is to XOR a pair of PRNG blocks against
each DES block. Fast and almost as easy.
So, while I'm at it, I'll write up DES-GEG3-CBC, too!
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2