[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES with 40-bit key?

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: 3DES with 40-bit key?
From: Henry Spencer <henry@spsystems.net>
Date: Mon, 29 Mar 1999 10:19:41 -0500 (EST)
In-Reply-To: <36FF1DC0.8909FC6F@lmf.ericsson.se>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 29 Mar 1999, Ari Huttunen wrote:
> ...the only MUST IMPLEMENT algorithm for ISAKMP
> and IPSEC is 3DES, the issue of what to do with
> export control rises. So, assume that export
> control limits the key length to 40 bits. How
> would I specify and negotiate this with IKE?

You can't.

Even in the days when the MUST algorithm was 1DES, the key was 56 bits,
not 40.  3DES's key length is fixed at 168 bits.  IPSEC has never had any
officially-defined provision for doing anything as weak as 40-bit keys;
the IETF has fairly consistently taken the position that specifications
for network security must not be watered down to please oppressive
governments. 

You cannot build a standard-conforming IPSEC implementation which
restricts keys to 40 bits (or, after the pending changes, 56 bits).  It's
not possible. 

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

Follow-Ups:

Re: 3DES with 40-bit key?

From: Dave Perks <Dave_Perks@mitel.com>

References:

3DES with 40-bit key?

From: Ari Huttunen <Ari.Huttunen@lmf.ericsson.se>

Prev by Date: Re: 3DES with 40-bit key?
Next by Date: Re: 3DES with 40-bit key?
Prev by thread: Re: 3DES with 40-bit key?
Next by thread: Re: 3DES with 40-bit key?
Index(es):
- Main
- Thread