[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More on a second IPSec algorithm

To: Dennis Glatting <dennis.glatting@software-munitions.com>, jerome@psti.com, ipsec@lists.tislabs.com
Subject: More on a second IPSec algorithm
From: Bruce Schneier <schneier@counterpane.com>
Date: Fri, 16 Jul 1999 10:23:41 -0500
In-Reply-To: <Pine.BSF.4.10.9907152159300.66026-100000@btw.plaintalk.bellevue.wa.us>
Posted-Date: Fri, 16 Jul 1999 12:25:30 -0500 (CDT)
References: <4.1.19990715161920.00a04930@mail.visi.com>
Sender: owner-ipsec@lists.tislabs.com

At 10:13 PM 7/15/99 -0700, Dennis Glatting wrote:
>I am having trouble believing 3DES is going to broken anytime soon,
>but then I am not a cryptographer and up on current events. Therefore,
>I believe that a back-up cipher will be caught in regular maintenance
>cycles and the whole thing a non-issue, but I've been wrong many times
>before. :)

Look at it this way.  If triple-DES is broken--and by broken I don't mean an
academic weakness that drops its keylength down to 100 bits with
100 terrabytes of known plaintext, but broken with a 2^64-ish complexity
attack that requires immediat replacement--then there has been some kind
of fundamental breakthrough in cryptanalysis.  This breakthrough is likely
to wreak havoc through all of our existing block ciphers, at least through
those built on SP-networks and Feistel networks.  I'm not convinced that
we can reliably choose another algorithm to protect us against that
eventually.

On the more realistic hand, attacks nibble away at algorithms over the 
years.  Look at the increasingly better attacks against DES, FEAL, IDEA,
etc.  Even when new attacks come out of the blue, they generally do a
few rounds better than older attacks.  We can't break single DES better
than brute force (in situations with reasonable amounts of plaintext); an
attack against triple-DES just isn't going to happen anytime soon.

And for those who want a backup algorithm as a hot spare, just in case,
I would feel much better if they would figure out how to recover from an
overflow bug, or an implementation problem, or any of the more common
and reasonable attacks that happen against Internet security protocols
all the time.  This is where the insecurities are going to happen, not in
the trile-DES algorithm.

The NSA does not build encryption equipment with a hot-spare algorithm
in it.  It makes no sense to do so.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com

Follow-Ups:

Re: More on a second IPSec algorithm

From: William Allen Simpson <wsimpson@greendragon.com>

References:

Re: your mail

From: Dennis Glatting <dennis.glatting@software-munitions.com>

Prev by Date: IPsec Aware Packet Sniffer
Next by Date: FW: XAUTH?
Prev by thread: Re: your mail
Next by thread: Re: More on a second IPSec algorithm
Index(es):
- Main
- Thread