[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 3DES (was: ipsec vs. firewalls)
OK, if we're gonna entertain 3DES then what about adding another
Diffie-Hellman group to IKE? There have been debates about the strength
provided by the existing D-H groups and the requirements of 3DES. A larger
prime may address some of those concerns.
Rich Schroeppel (Univ of Ariz) who generated the 768bit and 1024bit primes
for groups 1 and 2 has generated a 1536bit prime which could easily become
group 5. (In fact, I know of at least one vendor who has this already).
I can't think of any reasons why this shouldn't be added to the IKE draft
so if anybody has any, please speak up.
Dan.
Theodore Y. Ts'o writes:
> From: Steve Bellovin <smb@research.att.com>
>
> A more interesting topic is whether or not 3DES should be mandatory-
> to-implement. I suggest that it should be -- DES is obviously doomed
> (pick your favorite time constant), and we should take that into
> account. We're better off if the IPSEC boxes being deployed now are
> ready to switch.
>
> While I agree with you, we might need to have another one of Jeff's
> famous straw polls in Chicago (the "Chicago doctrine", anyone?), given
> the U.S. Goverment's special hostility to triple-DES. Given that
> vendors living behind the cryptographic iron curtain weren't all that
> happy about making DES mandatory, I'd suspect that they would howl over
> making triple-DES mandatory.
Follow-Ups:
References: