[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DES <weak> key list?

To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Subject: Re: DES <weak> key list?
From: Rodney Thayer <rodney@sabletech.com>
Date: Wed, 10 Sep 1997 15:11:12 -0400
Cc: ipsec@tis.com
In-Reply-To: <199709101853.OAA23904@dcl.MIT.EDU>
References: <Steven Bellovin's message of Wed, 10 Sep 1997 10:37:17 -0400,<199709101437.KAA09123@postal.research.att.com>
Sender: owner-ipsec@ex.tis.com

It's my impression that Bruce Schneier has the same opinion.  I suggest we
pull the text from all three places.

At 02:53 PM 9/10/97 -0400, you wrote:
>   Date: Wed, 10 Sep 1997 10:37:17 -0400
>   From: Steven Bellovin <smb@research.att.com>
>
>   I confess that I'm not worried about the possibility of a weak key being
>   chosen at random.  Even if one is, so what?  The problem with a weak key
>   is that double-encryption with it yields the original plaintext.  We're
>   not double-encrypting in general; if there are two independent layers of
>   encryption, the odds on hitting a weak key in both is about 1 in 2^108.
>   I'll take my chances...
>
>It's even better than that.  Given that we're using CBC, you'd have to
>doubly encrypt with the same IV, and the odds that they would be the
>same make the probability of lossage even lower.  
>
>It's really not clear this is worth us worrying about it...
>
>							- Ted
>
>

References:

Re: DES <weak> key list?

From: "Theodore Y. Ts'o" <tytso@MIT.EDU>

Prev by Date: No Subject
Next by Date: Re: Vendors who are implementing IPSEC, step forward....
Prev by thread: Re: DES <weak> key list?
Next by thread: Re: DES <weak> key list?
Index(es):
- Main
- Thread