[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: new second mandatory IPsec cipher - updated choice list

To: Rodney Thayer <rodney@ssh.fi>
Subject: Re: new second mandatory IPsec cipher - updated choice list
From: "Jesse Walker" <jwalker@shiva.com>
Date: Wed, 14 Jul 1999 10:47:34 -0400
cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

MARS, RC6, Rijndael, Serpent, and Twofish seem to be the most serious AES
candidates.

If the goal is really to make IPSec more resistant to attack, we want the
second mandatory algorithm to be as different from DES as possible. This
line of reasoning argues in favor of RC5 among the algorithms already
defined for use in IPSec, and RC6 and Rijndael as the best choices among
the AES candidates.





Rodney Thayer <rodney@ssh.fi> on 07/14/99 03:57:40 AM

To:   Rodney Thayer <rodney@ssh.fi>, ipsec@lists.tislabs.com
cc:   rodney@ssh.fi (bcc: Jesse Walker/Shiva Corporation)
Subject:  Re: new second mandatory IPsec cipher - updated choice list




>What should we use instead?  Well, there are apparently three choices:
>
>-- DESX
>-- BLOWFISH
>-- CAST-128

Based on discussions so far, the choices list should be redrawn.

I think this is the list...

-- CAST-128
-- BLOWFISH
-- IDEA
-- TWOFISH
-- MARS
-- (other AES candidates, please feel free to contribute)

Note there seems to be consensus that DESX is _NOT_ a choice,
because if DES/3DES are going to fail, the same structural failure
would probably apply to DESX.  I assume the same logic applies to
DES/SK.

Follow-Ups:

Re: new second mandatory IPsec cipher - updated choice list

From: Rodney Thayer <rodney@ssh.fi>

Prev by Date: Re: new second mandatory IPsec cipher
Next by Date: RE: new second mandatory IPsec cipher
Prev by thread: Re: new second mandatory IPsec cipher - updated choice list
Next by thread: Re: new second mandatory IPsec cipher - updated choice list
Index(es):
- Main
- Thread