[19419] in bugtraq
Re: Nortel CES (3DES version) offers false sense of security when
daemon@ATHENA.MIT.EDU (L.W.)
Wed Feb 28 03:22:43 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <006001c0a118$9132da90$0fb9030a@lwilliams2>
Date: Tue, 27 Feb 2001 15:53:21 -0800
Reply-To: "L.W." <eldub@POBOX.COM>
From: "L.W." <eldub@POBOX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
----- Original Message -----
From: "Rogier Wolff" <R.E.Wolff@BITWIZARD.NL>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Tuesday, February 27, 2001 12:11 AM
Subject: Re: Nortel CES (3DES version) offers false sense of security when
usi ng IPSEC
> I don't know where people get their information, but tripple-DES uses
> a 112 bit key. How they can advertize 128, or even 168 bits of keys I
> don't know.
>
> Triple DES is triple because you run the plaintext through DES three
> times, however you use only two different keys.
Hmm...
According to FIPS 46-3 (which is a good place to get information on triple
DES), there are three keying modes:
The standard specifies the following keying options for bundle (K1, K2, K3)
1. Keying Option 1: K1, K2 and K3 are independent keys;
2. Keying Option 2: K1 and K2 are independent keys and K3 = K1;
3. Keying Option 3: K1 = K2 = K3.
This means that 56bit, 112bit, and 168bit keys are all valid key lengths.
-LW
