[19436] in bugtraq
Re: Nortel CES (3DES version) offers false sense of security when
daemon@ATHENA.MIT.EDU (Casper Dik)
Wed Feb 28 17:26:25 2001
Message-ID: <200102281726.SAA06224@romulus.Holland.Sun.COM>
Date: Wed, 28 Feb 2001 18:26:30 +0100
Reply-To: Casper Dik <Casper.Dik@HOLLAND.SUN.COM>
From: Casper Dik <Casper.Dik@HOLLAND.SUN.COM>
X-To: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Wed, 28 Feb 2001 10:37:46 +0100."
<200102280937.KAA32671@cave.bitwizard.nl>

>So, I need 56+59 = 115 bits of security to approve an algorithm for my
>protocol. If 3DES is advertized as having 168 bit security, I'd
>happily go for 3DES: 53 bits to spare! However, since 3DES only has
>112 bit strength (even when keyed with 168 bits), this decision is
>wrong!
>
>This is why it is important that if 3DES has 112 bit security, it is
>advertized as such, even when now 112 bits is just as impractical for
>us as 168 bits.

I find this a really odd way of looking at things.

Being conservative about the computing power needed is one thing,
but requiring protocols to be advertised on their currently "known
strength" is rather odd. Wasn't DES cryptanalyzed back to 48 or 46 bits?

I also believe that getting to 112 bits in 20 years is overly optimistic;
and brute forcing 3DES is considerably harder than just brute forcing
any odd 112-bit algorithm.
Especially when compared to an algorithm like RC4 which has proven
to be harder to use safely than other equally strong algorithms.

Casper