[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Wired query on Windows 2000 and DES/3DES
How did you come up with "3DES is up to 10^17 (2^(112-56)) times as
resistant as DES"? Is 3DES properly noted as (2^56)^3 or is it 3*(2^56)?
Kevin
-----Original Message-----
From: Declan McCullagh [mailto:declan@wired.com]
Sent: Monday, May 15, 2000 2:49 PM
To: ipsec@lists.tislabs.com
Subject: Wired query on Windows 2000 and DES/3DES
I'm writing an article on the 3DES/single DES issue, and am posting here to
get feedback and head off any potential errors. I've read all the messages
in the thread. I have also asked Microsoft for comment directly. My summary
so far:
* Even when Windows 2000 is told to use triple-DES, export versions will
quietly use single-DES. The only case in which this silent (modulo log
entry) switch happens is when export versions are talking to export
versions.
* Microsoft intentionally designed this in and thinks of it as feature, not
a bug. It's documented somewhere in the manual and obsessive readers might
even find it.
* Poor saps with export versions can download the 3DES upgrade from
microsoft.com.
* 3DES is up to 10^17 (2^(112-56)) times as resistant as DES to an
exhaustive search. I assume that differential cryptanalysis cuts this
substantially, but I haven't been able to find any figures. I have come
across a related key attack that cuts total effort to 2^56 to 2^72, but I
understand this isn't practical.
* The fastest single DES "crack" yet is the January 1999 one of 22 hours:
http://www.eff.org/pub/Privacy/Crypto_misc/DESCracker/HTML/19990119_deschall
enge3.html
* Windows 2000 came out around the same time that U.S. crypto policy
changed. Future versions of the OS may be approved by Commerce Dept for
general export.
-Declan
Wired News
http://www.wired.com/
202 986 3455