[19395] in bugtraq
Re: Nortel CES (3DES version) offers false sense of security when
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Tue Feb 27 16:37:14 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID: <200102270811.JAA04178@cave.bitwizard.nl>
Date: Tue, 27 Feb 2001 09:11:28 +0100
Reply-To: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
From: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
X-To: spitko@HOTMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <8CB7F81A5D17D31197A60008C7EBE37103341C9B@helsrv01.vaisala.com>
from "spitko@HOTMAIL.COM" at "Feb 26, 2001 11:21:51 am"

spitko@HOTMAIL.COM wrote:
> CES 1510D; D stands for domestic == 128 bits version). For some reason
> stickers on shipping package says 128 bit encryption and documentation
> states 168 bits (== 3*56 bits DES) encryption.

I don't know where people get their information, but triple-DES uses
a 112-bit key. How they can advertise 128, or even 168 bits of keys I
don't know.

Triple DES is triple because you run the plaintext through DES three
times, however you use only two different keys.

Why? There is a "meet in the middle" approach that allows you to figure
out the keys on a "triple-DES-with-three-keys" in a brute-force attack
of complexity 2^112. (*)

So even if they don't do the standard triple-DES with two keys, they
should only claim 112-bit security, not one bit more.

Now this "meet in the middle" attack is over my head. I haven't the
foggiest how one would go about this. And it's been over 10 years
since I last took a cryptography class. So, better trust the experts
on this than me.

Roger.

(*) Remember a few years ago, some guys from Israel managed to "break"
single-DES with a meet-in-the-middle attack. Turns out their attack is
of complexity 2^56 (or thereabouts), even if the original DES would've
used a 64 bit key instead of the 56-bit key in the standard.
--
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* There are old pilots, and there are bold pilots.
* There are also old, bald pilots.
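
Added example, not part of the original message: the meet-in-the-middle search mentioned above, run against three-key encrypt-decrypt-encrypt over a toy Feistel cipher (16-bit block, 8-bit keys) constructed here so that it completes quickly. All names (enc, dec, ede3, mitm, SECRET, PAIRS) and the S-box are assumptions of this sketch; with 56-bit keys the same structure needs a 2^56-entry table plus about 2^112 trial operations, which is the figure quoted in the message.

```python
import random

KEY_BITS = 8                      # toy key size; DES would be 56
SBOX = list(range(256))
random.Random(2001).shuffle(SBOX) # constructed S-box, fixed seed for repeatability

def round_keys(k):
    return [(k + 0x3D * i) & 0xFF for i in range(4)]

def enc(k, block):
    """Toy 4-round Feistel cipher: 16-bit block, 8-bit key (not DES)."""
    l, r = block >> 8, block & 0xFF
    for rk in round_keys(k):
        l, r = r, l ^ SBOX[r ^ rk]
    return (l << 8) | r

def dec(k, block):                # inverse of enc: rounds undone in reverse order
    l, r = block >> 8, block & 0xFF
    for rk in reversed(round_keys(k)):
        l, r = r ^ SBOX[l ^ rk], l
    return (l << 8) | r

def ede3(k1, k2, k3, p):
    """Three-key encrypt-decrypt-encrypt, the triple-DES construction."""
    return enc(k3, dec(k2, enc(k1, p)))

def mitm(pairs):
    """Return (keys matching all known pairs, cipher ops before verification)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    n = 1 << KEY_BITS
    table = {}                    # middle value -> every k3 that decrypts c0 to it
    for k3 in range(n):
        table.setdefault(dec(k3, c0), []).append(k3)
    ops, found = n, []
    for k1 in range(n):           # walk forward from the plaintext side
        x = enc(k1, p0)
        ops += 1 + n              # one enc here, n decs in the inner loop
        for k2 in range(n):
            mid = dec(k2, x)
            for k3 in table.get(mid, ()):   # meeting point: check on other pairs
                if all(ede3(k1, k2, k3, p) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, ops

SECRET = (0x3A, 0xC5, 0x71)       # constructed key for the demonstration
PAIRS = [(p, ede3(*SECRET, p)) for p in (0x0123, 0x4567, 0x89AB)]

if __name__ == "__main__":
    keys, ops = mitm(PAIRS)
    print(SECRET in keys, ops, "ops versus", 1 << (3 * KEY_BITS), "key combinations")
```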