
new second mandatory IPsec cipher



We've been talking about declaring a second mandatory-to-implement cipher,
or in some way declaring a new second cipher for IPsec.  This would be to
change from DES and 3DES to 3DES and <something>.  It seems this needs
to be discussed on the list.  So, here goes.

I think we need to have a second cipher to use, in the event 3DES is
found to be unsafe.  This is not a reflection on the quality of 3DES.
In my opinion there are genuine legitimate concerns about the use of
DES, and there are definitely people out there in the commercial world
who wish to phase out its use.

What should we use instead?  Well, there are apparently three choices:

-- DESX
-- BLOWFISH
-- CAST-128

All of these have their advocates.

DESX (or DES-XEX, or whatever it's called) has some detractors.
It is hoped that anyone who reads this message and attends Crypto '99
would look up the discussions that are expected there.

BLOWFISH has some detractors.  The negative views appear to be of the
form "it wasn't constructed in a formal manner", or something like that.

CAST-128 has some detractors.  The negative views appear to be of the
form "it's too young".

Now I'm not a cryptographer, and I don't play one on the Internet, but I
want to get those of you that are cryptographers (or play one on the Internet)
to comment on this.

Of course, for us vendors of software implementations, the programmer's lazy
answer is to implement all three of these and let someone else decide.  This
doesn't work for hardware vendors, and for users who want some level of
coherent valid advice on what to use.


Comments?  In particular, if someone has something bad to say about any of
these ciphers, please try to be specific.



