[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 3DES with 40-bit key?
>>> Ari Huttunen <Ari.Huttunen@lmf.ericsson.se> 3/28/99 23:29:20 >>>
>Many of you will think this issue is braindead.
>I agree. However, as I understand that from now
>on the only MUST IMPLEMENT algorithm for ISAKMP
>and IPSEC is 3DES, the issue of what to do with
>export control rises. So, assume that export
>control limits the key length to 40 bits. How
>would I specify and negotiate this with IKE?
>It's about authentication between peers,
>the rest is IKE.
If i'm not mistaken, there are fine prints in the US export regulations regarding exporting cryptography products. That is, the key size MUST be treated together with its intended and allowed usage. That assumes that whatever product you're trying to export must present "sufficient" evidence to government that it enforces key types/algorithms/usages in accordance with the US export regulations.
Thus, for signature keys, there is no key size limit. For Encrypt-for-authentication keys, there is no size limit. For key management purposes, symmetric keys are restricted to 128 bits, and asymmetric keys are restricted to 1024 bits. For all other general purpose data encryption, you have 56-bit symmetric and 512-bit asymmetric keys.
PLEASE DOUBLE CHECK THESE NUMBERS. They are by no means approved numbers by any institution or anyone.
Then, I fail to understand the consideration on the 56-bit restriction on 3DES where the sole purpose of using it is authentication. Similarly, if the intended purpose is key management, 128 bits is allowed. Think in terms of double-key Triple DES - not a standard yet, but it could very well promoted to be. That is upto the company that tries to export its product. It is not that the US export regulations PROHIBIT such uses even with long keys, it is the product exporter that must show evidence that it is playing by the rules and enforcing policies. One such example is NICI - Novell International Cryptographic Infrastructure.