[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 3DES with 40-bit key?
>>>>> "Ari" == Ari Huttunen <Ari.Huttunen@lmf.ericsson.se> writes:
Ari> Actually I was thinking more of only allowing single-DES in the
Ari> re-exported version and variable keylength algorithms with the
Ari> length limited to 56 bits. This might not be very interoperable,
Ari> particularly if our our implementation is the responding side,
Ari> but at least it's exactly what it claims to be.
Ari> I would very much prefer an interoperable way to limit the
Ari> keysize, something that is controllable with the security
Ari> policy. The default policy might be to not allow watered down
Ari> cryptography, and the customer would have to specifically allow
Ari> it.
I think you're all set then.
DES has 56 bit keys. With variable length key systems, you can select
the keylength. So the protocol allows what you need. (There is no
way to say "3DES with 56 bit keys"; if that's what you mean then you
ask for it by saying "DES".)
As for policy, management of policy isn't currently standardized and
in any case is a local matter, so you can already have your
implementation do what it needs to.
paul
References: