Re: 3DES with 40-bit key?

[Sandy Harris <sandy.harris@sympatico.ca>]

Joe Tardo wrote:

> So why not just use 3DES with the three identical keys, which is identical
> to 56-bit DES?

RFC 2451 does not allow that. For IPSEC, 3DES has 3 different keys.

They're right, too. Your suggestion gives the worst of both worlds: the
proven insecurity of single DES with the overheads of 3DES.

For details, see the (expired) draft:
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ciph-des3-00.txt
 
> Unappealing, and I'm not (necessarily) advocating this, but why is it any
> different than, say, 'salted' RC4 schemes which have been approved for
> export for years? These use the full 128-bit key size but reveal 88 bits in
> the protocol.

It isn't any different. There are lots of ways to weaken ciphers. The US
and other governments will be happy with any weakening that lets them
break the ciphers.

For the arguments on why not to do this for the Internet, see RFC 1984.

For free code that implements IPSEC with 3DES see either of:

http://www.xs4all.nl/~freeswan    for Linux
http://www.kame.net               for *BSD, from Japan

I know of no export restrictions on either of these.

---

Follow-Ups:

• Re: 3DES with 40-bit key?
• From: Niklas Hallqvist <niklas@appli.se>

References:

• Re: 3DES with 40-bit key?
• From: Joe Tardo <jtardo@freegate.com>

---

• Prev by Date: Re: 3DES with 40-bit key?
• Next by Date: RE: 3DES with 40-bit key?
• Prev by thread: Re: 3DES with 40-bit key?
• Next by thread: Re: 3DES with 40-bit key?
• Index(es):
  • Main
  • Thread