[1077] in Kerberos_V5_Development
Re: 3des question
daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Thu Apr 18 08:49:14 1996
To: Marc Horowitz <marc@MIT.EDU>
Cc: basch@lehman.com, krbdev@MIT.EDU, perry@piermont.com
In-Reply-To: Your message of "Thu, 18 Apr 1996 04:06:03 EDT ."
<9604180806.AA27133@beeblebrox.MIT.EDU>
Date: Thu, 18 Apr 1996 08:42:46 -0400
From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
-----BEGIN PGP SIGNED MESSAGE-----
well, I'm not perry, but I've clearly been following ipsec more than
you have.. :-)
The MD5(key, data, key) and MD5(key, pad, data, key) forms of keyed
hashes are now passé, while
MD5(key1, pad1, MD5(key2, pad2, data))
is now all the rage.
See the ipsec archives for details..
This hash is still only good for 2^128 bits. Triple-des gives us
2^168 bits of key. There is clearly a potential for collision here.
Does this really matter? Perry, have you addressed this issue in your
IPSEC implementation work?
if you're that paranoid, use SHA (which gives a 160 bit hash). If you
can break 2^160 but not 2^168, something strange is going on.... :-)
- Bill
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
-----END PGP SIGNATURE-----
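
Added example, not part of the original message: the older MD5(key, data, key) form next to the nested form MD5(key1, pad1, MD5(key2, pad2, data)), with the hash swappable for SHA as the message suggests. The message does not say how key1/pad1 and key2/pad2 are built; this sketch assumes the RFC 2104 HMAC instantiation (one key, zero-padded to the hash block size and XORed with 0x5c and 0x36). The function names, key and data are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 64  # input block size in bytes, the same for MD5 and SHA-1


def envelope_mac(key: bytes, data: bytes) -> bytes:
    """Older form quoted in the message: MD5(key, data, key)."""
    return hashlib.md5(key + data + key).digest()


def nested_mac(key: bytes, data: bytes, hash_name: str = "md5") -> bytes:
    """Nested form H(key1, pad1, H(key2, pad2, data)).

    Assumption: instantiated as in RFC 2104, so (key1, pad1) is the
    zero-padded key XOR 0x5c and (key2, pad2) is the same key XOR 0x36.
    """
    if len(key) > BLOCK:
        # RFC 2104: keys longer than one block are hashed first.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(BLOCK, b"\x00")
    outer_block = bytes(b ^ 0x5C for b in key)
    inner_block = bytes(b ^ 0x36 for b in key)
    inner = hashlib.new(hash_name, inner_block + data).digest()
    return hashlib.new(hash_name, outer_block + inner).digest()


def verify(key: bytes, data: bytes, tag: bytes, hash_name: str = "md5") -> bool:
    """Constant-time comparison of a received tag against the nested MAC."""
    return hmac.compare_digest(nested_mac(key, data, hash_name), tag)


if __name__ == "__main__":
    key = b"\x0b" * 16      # constructed sample key
    data = b"Hi There"      # constructed sample data
    for name in ("md5", "sha1"):
        tag = nested_mac(key, data, name)
        # The standard library's HMAC must agree with the hand-built nesting.
        assert tag == hmac.new(key, data, name).digest()
        print(f"nested {name}: {len(tag) * 8}-bit tag {tag.hex()}")
    print("envelope md5:", envelope_mac(key, data).hex())
```

The output length is fixed by the hash (128 bits for MD5, 160 for SHA-1) regardless of how long the key is, which is the size mismatch the message discusses.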