
Re: new second mandatory IPsec cipher



On Tue, 13 Jul 1999, Rodney Thayer wrote:
> We've been talking about declaring a second mandatory to implement cipher...
> -- DESX
> -- BLOWFISH
> -- CAST-128
> Comments?  In particular, if someone has something bad to say about any of
> these ciphers, please try to be specific.

It seems to me that DESX is best thought of as a sort of faster variant of
3DES.  It's for people who are basically happy with DES, but want a longer
key length without 3DES's performance hit.

Worries about 3DES seem to fall into two main categories.  One is the fear
that it is equivalent to some other transformation with a shorter key,
which would make it vulnerable to brute-force search (it's known that 3DES
is not equivalent to 1DES, but that does not exhaust the possibilities). 
The other is the fear that there are hidden structural weaknesses in DES
which are preserved in 3DES... a fear accentuated by the fact that parts
of DES's origin are still shrouded in secrecy. 

DESX pretty much deals with the first fear, but does little for the
second.  A cipher chosen as a hedge against the possible failure of 3DES
should not use DES at all, and especially should not *be* DES in a thin
aluminum-foil wrapper.  I'd strike DESX from the list.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)


