Re: 3DES with 40-bit key?

[Ari Huttunen <Ari.Huttunen@lmf.ericsson.se>]

jim@mentat.com wrote:
> 
> [ NOTICE!  This list will be hosted at lists.tislabs.com as of March 26.
> There is no need to resubscribe, if you are on the list, you will remain
> on it.  Just begin sending posts, and any administrative requests to
> lists.tislabs.com as of now.  List mail to tis.com will cease to be
> delivered as of March 26, 1999.  ]
> 
> Ari Huttunen wrote:
> 
> > Many of you will think this issue is braindead.
> > I agree. However, as I understand that from now
> > on the only MUST IMPLEMENT algorithm for ISAKMP
> > and IPSEC is 3DES, the issue of what to do with
> > export control rises. So, assume that export
> > control limits the key length to 40 bits. How
> > would I specify and negotiate this with IKE?
> 
> I wouldn't say it's a braindead idea -- just that it's wrong.  3DES is
> defined in RFC 2451 as having a 192-bit key; 168 bits participate in
> the key schedule.  The key length is not negotiable for this cipher.
> If you were to do the equivalent of the CDMF transform to create a
> DES-like cipher with 40 bits of strength, it wouldn't be DES;
> similarly, a 40-bit version of 3DES would not be 3DES, and you would
> not have implemented this cipher, so you would not have satisfied any
> MUST IMPLEMENT clause.

So, which algorithm would you recommend for an export hampered
IPSec box to implement? Remember that it will have to be interoperable
with the other routers out there, which by now will only have to support
3DES. (This was agreed to at last IETF, no RFCs have been changed yet.)
Of course this is subject to security policy decisions.

BTW, I find it hard to imagine someone implementing 3DES but not
implementing
DES. This too, however, is slightly beside the point.

> 
> If you did something like this and tried to pass it off as a conforming
> IPSec implementation, it would be fraudulent.  If you can't get export
> licenses for the algorithms you want, then you can't export them.
> Simple as that.
> 
> By the way, the "weak ciphers for US export" limit has been raised to
> 56 bits with a BXA review.

I wonder... If I remember correctly what the Wassenaar agreement
stated, 56 bits was allowed for some uses, while still not allowed
for all possible uses. In any case, for this discussion it can
be any number of bits less than what 3DES needs.

> 
>         Jim Gillogly

Ari Huttunen
begin:vcard 
n:Huttunen;Ari
tel;fax:+358-9-2992634
tel;work:+358-9-2992472
x-mozilla-html:FALSE
org:L M Ericsson;LMF/T/TK
version:2.1
email;internet:Ari.Huttunen@lmf.ericsson.se
title:Software Designer
adr;quoted-printable:;;Oy L M Ericsson Ab=0D=0ATelecom R&D;;;02420 Jorvas;Finland
x-mozilla-cpt:;-30024
fn:Ari Huttunen
end:vcard

---

Follow-Ups:

• Re: 3DES with 40-bit key?
• From: Juha Heinanen <jh@lohi.eng.telia.fi>
• Re: 3DES with 40-bit key?
• From: Mike Carney <carney@securecomputing.com>
• Re: 3DES with 40-bit key?
• From: Henry Spencer <henry@spsystems.net>

References:

• Re: 3DES with 40-bit key?
• From: jim@mentat.com (Jim Gillogly)

---

• Prev by Date: Re: 3DES with 40-bit key?
• Next by Date: Re: 3DES with 40-bit key?
• Prev by thread: Re: 3DES with 40-bit key?
• Next by thread: Re: 3DES with 40-bit key?
• Index(es):
  • Main
  • Thread