[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Suggested wording for weak key lengths in IKEv2
At 3:56 PM -0400 6/26/03, Paul Koning wrote:
> Paul> - A sentence be added to the end of that section as a
> Paul> free-standing paragraph that says: "Implementations that use
> Paul> algorithms with variable-length keys SHOULD NOT use keys that
> Paul> are weaker than the effective strength of ENCR_3DES."
>How about "... strength of ENCR_3DES (112 bits)." Otherwise it might
>cause confusion, because some will think that this rules out 128-bit
>keys, which isn't the intent.
As noted on the list, not everyone agrees that the effective strength
of TripleDES is 112 bits, given differing values for amount of RAM
and so on. I think it is better to just leave it as "effective
strength" and let folks decide what that means.
If anyone reads the sentence and think that it means that AES-128
(which is listed as a SHOULD) is weaker than TripleDES, well, I don't
think I would call them an implementer that we need to worry about...
--Paul Hoffman, Director