[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES with 40-bit key?

At 09:29 AM 3/29/99 +0300, Ari Huttunen wrote:
>Many of you will think this issue is braindead. 
>I agree. However, as I understand that from now
>on the only MUST IMPLEMENT algorithm for ISAKMP
>and IPSEC is 3DES, the issue of what to do with
>export control rises. So, assume that export
>control limits the key length to 40 bits. How
>would I specify and negotiate this with IKE?
>Ari Huttunen

Well, assuming you mean *export from the U.S.* as I read the regulations
it's ok to ship 56-bit anything.

So why not just use 3DES with the three identical keys, which is identical
to 56-bit DES?

Unappealing, and I'm not (necessarily) advocating this, but why is it any
different than, say, 'salted' RC4 schemes which have been approved for
export for years? These use the full 128-bit key size but reveal 88 bits in
the protocol.