[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES with 40-bit key?

[ NOTICE!  This list will be hosted at lists.tislabs.com as of March 26.
There is no need to resubscribe, if you are on the list, you will remain
on it.  Just begin sending posts, and any administrative requests to
lists.tislabs.com as of now.  List mail to tis.com will cease to be
delivered as of March 26, 1999.  ]

Ari Huttunen wrote:

> Many of you will think this issue is braindead. 
> I agree. However, as I understand that from now
> on the only MUST IMPLEMENT algorithm for ISAKMP
> and IPSEC is 3DES, the issue of what to do with
> export control rises. So, assume that export
> control limits the key length to 40 bits. How
> would I specify and negotiate this with IKE?

I wouldn't say it's a braindead idea -- just that it's wrong.  3DES is
defined in RFC 2451 as having a 192-bit key; 168 bits participate in
the key schedule.  The key length is not negotiable for this cipher.
If you were to do the equivalent of the CDMF transform to create a
DES-like cipher with 40 bits of strength, it wouldn't be DES;
similarly, a 40-bit version of 3DES would not be 3DES, and you would
not have implemented this cipher, so you would not have satisfied any

If you did something like this and tried to pass it off as a conforming
IPSec implementation, it would be fraudulent.  If you can't get export
licenses for the algorithms you want, then you can't export them.
Simple as that.

By the way, the "weak ciphers for US export" limit has been raised to
56 bits with a BXA review.

	Jim Gillogly