
Re: 112 bit 3DES



On Wed, 28 Apr 1999, Volpe, Victor wrote:
> According to the 3DES draft "draft-ietf-ipsec-ciph-des3-00.txt", 112 bit
> 3DES must not be negotiated via IKE and is therefore a non-compliant key
> length for 3DES.  Did I read this correctly?

Yes.  IPSEC (RFC 2451) 3DES does not have variable key length; a 3DES key
is 192 bits exactly, and no excuses (although 24 of those bits are parity
bits which do not participate in the cipher, making the real key length
168 bits).  Each of the three DES stages in it has a separate, distinct
key.  There is no provision for giving two of the stages identical keys.

"112 bit 3DES" has no particular advantage over real 3DES, and has some
known weaknesses (none of them looks like a practical attack route, last I
heard, but they make people nervous). 

> What is the status of the draft?

RFC 2451 is currently at Proposed Standard status, I believe.  The draft
you refer to is long obsolete.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)
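
The key rules stated in the reply above, as an added example that is not part of the original message: a check that a 3DES key is exactly 192 bits and that its three stage keys are distinct, compared with the parity bits masked off. The function names and sample keys are hypothetical, and the encrypt-decrypt-encrypt stage order is assumed.

```python
from __future__ import annotations

DES_KEY_LEN = 8                    # bytes per DES stage key: 56 key bits + 8 parity bits
TDES_KEY_LEN = 3 * DES_KEY_LEN     # 24 bytes = 192 bits as negotiated
EFFECTIVE_BITS = TDES_KEY_LEN * 7  # 168 bits actually participate in the cipher


def strip_parity(stage_key: bytes) -> bytes:
    """Clear the low (parity) bit of each byte, leaving only the bits DES uses."""
    return bytes(b & 0xFE for b in stage_key)


def check_3des_key(key: bytes) -> list[str]:
    """Return the reasons to reject `key`; an empty list means it is acceptable."""
    if len(key) != TDES_KEY_LEN:
        return [f"length is {len(key) * 8} bits, expected exactly {TDES_KEY_LEN * 8}"]
    # Compare stage keys with parity masked off: two keys that differ only in
    # parity bits are the same DES key, so a raw byte comparison would miss them.
    k1, k2, k3 = (strip_parity(key[i:i + DES_KEY_LEN])
                  for i in range(0, TDES_KEY_LEN, DES_KEY_LEN))
    problems = []
    if k1 == k3:
        problems.append("K1 == K3: two-key (112-bit) 3DES")
    if k1 == k2 or k2 == k3:
        # With encrypt-decrypt-encrypt staging, the two equal stages cancel out.
        problems.append("adjacent stages share a key: reduces to single DES")
    return problems


# Constructed sample keys (not from the original message).
K1 = bytes.fromhex("0123456789abcdef")
K2 = bytes.fromhex("23456789abcdef01")
K3 = bytes.fromhex("456789abcdef0123")
K1_OTHER_PARITY = bytes(b ^ 1 for b in K1)  # same DES key, every parity bit flipped

if __name__ == "__main__":
    samples = {
        "three distinct keys": K1 + K2 + K3,
        "two-key form": K1 + K2 + K1,
        "two-key form, parity differs": K1 + K2 + K1_OTHER_PARITY,
        "128-bit key": K1 + K2,
    }
    for name, key in samples.items():
        print(f"{name}: {check_3des_key(key) or 'ok'}")
```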



