[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new second mandatory IPsec cipher
In article <3.0.6.32.19990713132446.00805420@127.0.0.1>,
Rodney Thayer <rodney@ssh.fi> wrote:
> I think we need to have a second cipher to use, in the event 3DES is
> found to be unsafe.
If this is the indeed the only goal, then I suggest that DESX is not the
right answer. It's not different enough to provide the needed diversity.
I find it difficult to imagine a scenario where 3DES gets broken yet DESX
somehow remains untarnished.
Don't get me wrong---I think DESX is a nice cipher, and it gives wonderful
performance for the provided assurance and security level---but if the sole
criterion is to provide a secure backup cipher in case 3DES fails, DESX
seems like the wrong choice.
On the remaining choices (Blowfish or CAST-128), I offer no opinions.