[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Incorporation of AES into IPSec

To: jerome@psti.com
Subject: Re: Incorporation of AES into IPSec
From: Henry Spencer <henry@spsystems.net>
Date: Mon, 6 Dec 1999 13:21:53 -0500 (EST)
cc: Mark Shuttleworth <marks@thawte.com>, ipsec@lists.tislabs.com
In-Reply-To: <19991206115932.A26797@jerome.psti.com>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 6 Dec 1999 jerome@psti.com wrote:
> > If you were wanting to protect data for 50 years, would 3DES be good enough?
> 
> it's hard to do prediction over so long time, but 3DES has a 168bits key.
> it is safe against a brute force attack.

Against a brute-force known-plaintext attack using meet-in-the-middle,
3DES's effective strength is only 112 bits, if the attacker can put a very
large memory in the middle.  However, 112 bits is still probably beyond
reasonable attack on that time scale, barring major breakthroughs in
computing technology. 

> A cryptanalitic breakthrough
> is possible but not likely because DES is a well studied algrorithm
> and the basis of 3DES.

The one small worry here is that 3DES hasn't had nearly as much study as
DES, and it's just possible that when you pile three copies of DES on top
of each other, they interact in some way that weakens them.  Agreed that
this seems unlikely -- in particular, it's less likely than weaknesses in
the various non-DES alternatives.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

References:

Re: Incorporation of AES into IPSec

From: jerome@psti.com

Prev by Date: Re: Incorporation of AES into IPSec
Next by Date: RE: Heartbeats (was RE: keepalives)
Prev by thread: Re: Incorporation of AES into IPSec
Next by thread: Re: Incorporation of AES into IPSec
Index(es):
- Main
- Thread