[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

To: Eric Rescorla <ekr@rtfm.com>
Subject: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
From: Scott Fluhrer <sfluhrer@cisco.com>
Date: Thu, 12 Jun 2003 12:03:38 -0700 (PDT)
cc: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>, Paul Koning <pkoning@equallogic.com>, ynir@CheckPoint.com, daw@mozart.cs.berkeley.edu, ipsec@lists.tislabs.com
In-Reply-To: <kj8ys7rwlo.fsf@romeo.rtfm.com>
References: <p05210614bb0d3330f4ec@[63.202.92.152]> <003101c330c9$f57681d0$292e1dc2@YnirNew><16104.35977.651000.712505@gargle.gargle.HOWL> <p05210629bb0e5abb546d@[63.202.92.152]><kj8ys7rwlo.fsf@romeo.rtfm.com>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 12 Jun 2003, Eric Rescorla wrote:

> Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes:
>
> > At 10:22 AM -0400 6/12/03, Paul Koning wrote:
> > >96 is probably enough but it's not a common keysize, so 128 makes
> > >sense.
> >
> > But only if you want to eliminate TripleDES, whose key size is 112
> > bits. No one counts the parity bits as meaningful.
> As I understand RFC 2451, the 3DES we uses is 3-key 3DES in
> EDE mode, so the effective key size should be 168 bits.

For a cryptographical standpoint, there may be 168 distinct key bits that
affect the ciphertext, but it is well known that you can break 3DES with
far less work than O(2**168) effort.  There is a meet-in-the-middle attack
that (with a lot of memory) brings the effort down to around O(2**112),
which is what I assume Paul was refering to.  In addition, if you have
vast quantities of known plaintext encrypted with the same key, Stephan
Lucks' attack becomes interesting, which reduces the effort a bit more
(I don't have a solid estimate at hand).

Neither of these attacks are practical given current current limitations,
but one should remember that they do exist.

-- 
scott

Follow-Ups:
- Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Eric Rescorla <ekr@rtfm.com>

References:
- Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: "Yoav Nir" <ynir@CheckPoint.com>
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Paul Koning <pkoning@equallogic.com>
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
- Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Eric Rescorla <ekr@rtfm.com>

Prev by Date: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Next by Date: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Prev by thread: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Next by thread: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Index(es):
- Date
- Thread