[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new second mandatory IPsec cipher
On Tue, 13 Jul 1999, Rodney Thayer wrote:
> We've been talking about declaring a second mandatory to implement cipher,
> or in some way declaring a new second cipher for IPsec. This would be to
> change from DES and 3DES to 3DES and <something>. It seems this needs
> to be discussed on the list. So, here goes.
>
> I think we need to have a second cipher to use, in the event 3DES is
> found to be unsafe. This is not a reflection on the quality of 3DES.
> In my opinion there are genuine legitimate concerns about the use of
> DES, and there are definitely people out there in the commercial world
> who wish to phase out it's use.
>
> What should we use instead? Well, there are apparently three choices:
>
> -- DESX
> -- BLOWFISH
> -- CAST-128
The best (IMHO) opinion would be to wait until December and then pick 1-2
leading AES candidates. As it was announced, 5 best candidates will be
selected during this summer by NIST. 3-5 more months is a necessary time
limit to avoid sudden brokages of the candidates. Surely nobody believes
that DES gets broken in the next 5 months.
I do not think your selection is algorithms is the best for IPSEC. If
there were no patent problems, I'd select IDEA. I do not have a big
confidence in the mentioned three algorithms. Moreover, IPSEC should
embody in itself also a 128-bit _block_ cipher, and only the newest
algorithms satisfy this criterion.
New algorithms (Rijndael, RC6, Twofish, ...) are faster than Blowfish and
presumably much more secure than Blowfish or Cast-128 (only by the block
length!).
Regards,
Helger
http://home.cyber.ee/helger
Follow-Ups:
References: