[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES with 40-bit key?

To: Ari Huttunen <Ari.Huttunen@lmf.ericsson.se>, ipsec@lists.tislabs.com
Subject: Re: 3DES with 40-bit key?
From: Joe Tardo <jtardo@freegate.com>
Date: Mon, 29 Mar 1999 10:48:14 -0800
Sender: owner-ipsec@lists.tislabs.com

At 09:29 AM 3/29/99 +0300, Ari Huttunen wrote:
>Hi,
>
>Many of you will think this issue is braindead. 
>I agree. However, as I understand that from now
>on the only MUST IMPLEMENT algorithm for ISAKMP
>and IPSEC is 3DES, the issue of what to do with
>export control rises. So, assume that export
>control limits the key length to 40 bits. How
>would I specify and negotiate this with IKE?
>
>Ari Huttunen

Well, assuming you mean *export from the U.S.* as I read the regulations
it's ok to ship 56-bit anything.

So why not just use 3DES with the three identical keys, which is identical
to 56-bit DES?

Unappealing, and I'm not (necessarily) advocating this, but why is it any
different than, say, 'salted' RC4 schemes which have been approved for
export for years? These use the full 128-bit key size but reveal 88 bits in
the protocol.

--Joe

Follow-Ups:

Re: 3DES with 40-bit key?

From: Paul Koning <pkoning@xedia.com>

Re: 3DES with 40-bit key?

From: Sandy Harris <sandy.harris@sympatico.ca>

Prev by Date: Re: 3DES with 40-bit key?
Next by Date: Re: Quick Mode and resistance to related-key cryptanalysis
Prev by thread: Re: 3DES with 40-bit key?
Next by thread: Re: 3DES with 40-bit key?
Index(es):
- Main
- Thread