[1527] in bugtraq
Re: Strength of Triple-DES
daemon@ATHENA.MIT.EDU (David Miller)
Tue Apr 18 19:13:45 1995
Date: Tue, 18 Apr 1995 11:35:32 -0400 (EDT)
From: David Miller <isdmill@gatekeeper.ddp.state.me.us>
To: Dave Stagner <stagda@sys1.ic.ncs.com>
Cc: bugtraq@fc.net
In-Reply-To: <9504131801.AA26473@tiffin.ic.ncs.com>
On Thu, 13 Apr 1995, Dave Stagner wrote:
> As I understand it, triple-DES is not simply "three times stronger"
> than regular DES, but actually an order of magnitude stronger. Rather
> than encrypting three times, you encrypt, decrypt, and encrypt again
> with different keys. And trying to decrypt garbage is far more
> difficult than decrypting plaintext.
128 bit keys are much more than an order of magnitude stronger than 56
bit keys, but if you're only mapping 7 bytes -> 7 bytes I'm not sure
it really matters.....
>
> I realize that the primary method of crack is guessing weak passwords,
> but it also attempts to decrypt. And given the weakness of
Since when?
First, unix passwords (which this thread started discussing) aren't
DES encrypted: they are used as a key to encrypt a piece of plain
text with a variation of DES. It is generally accepted that this
encryption process is not reversible, thus making it unlikely that
crack is decrypting anything.
> single-DES, it isn't that hard. So anything that improves
> cryptographic strength is good. Also, it reduces the harm caused by
> weak passwords, and adds value to strong passwords.
Sorry, but weak passwords will be just as vulnerable with strong
cryptography as weak - using a word in the GECOS field will yield a
password to crack no matter the encryption used.
It *would* increase the value of good passwords, as long as those
passwords are not broadcast in the clear, written down and posted on
monitors, etc.
> I also realize that the ideal solution would be to eliminate fixed
> passwords and replace them with some sort of double-blind,
> smart-client scheme. But it won't work, not as long as we're
> dependent on existing clients like telnet and ftp working. I'd say
> that we're pretty much stuck with the current methodology as long as
> we're stuck with unix and the Internet. That leaves improving the
> existing scheme as our best hope. If you have any *feasible*
> solutions, I'd be very interested.
Actually, something like telnet and ftp *require* intelligent devices
on the other end, thus lending themselves to secure adaptations of the
protocol. And I believe that these options are beginning to creep
in. One of the best ways to deal with this is with public key
cryptography, which is patented until next year.
Perhaps in a years time things will be very different:)
> --
> * David Faron Stagner
> * National Computer Systems david_stagner@ic.ncs.com
> * 2510 N Dodge St vox 319 354 9200 ext 6884
> * Iowa City, IA 52244 fax 319 339 6555
> I disclaim my employer and I'm sure they'd disclaim me too.
>
> (This .sig has been sanitized for your protection)
----------------------------------------------------------------------------
It's *amazing* what one can accomplish when
one doesn't know what one can't do!
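The two points made in the reply above (crack does not decrypt anything, it re-runs the one-way function over guesses; and a password taken from the GECOS field falls no matter how strong that function is) are easy to see in code. The following is an added example and is not part of the original thread. It assumes a salted SHA-256 digest as a stand-in for the DES-based crypt(3) (which uses the password as a DES key to encrypt a zero block 25 times with a salt-dependent variation), a fixed two-character salt derived from the user name instead of crypt(3)'s random salt, and a handful of constructed passwd(5)-style records that are not real accounts. The guess rules are a small subset of the sort of rules Crack applies to a user's name and GECOS words.

```python
import hashlib
import re

# Constructed sample accounts (not real). The hash field of each passwd-style
# record is computed from the plaintext by make_record() so the example is
# self-contained and runs offline.
SAMPLE_USERS = [
    # (login, GECOS field, plaintext password)
    ("jdoe",   "Jane Q. Doe,Room 101,555-1234", "doe1"),        # surname + digit
    ("mlopez", "Miguel Lopez,Sysadmin",          "zepol"),       # surname reversed
    ("ops",    "Operations account",             "Xq7!vR2#pL"),  # not derivable from GECOS
]


def one_way(salt, password, algo="sha256"):
    """Stand-in for crypt(3) (assumption: salted SHA-256 instead of DES).

    Salt and password go in; a fixed-size digest comes out. Nothing here is
    'encrypted' in a way that can be reversed to recover the password, which
    is why a cracker has to recompute this function for every guess."""
    h = hashlib.new(algo)
    h.update(salt.encode() + b"\0" + password.encode())
    return f"{salt}${h.hexdigest()}"


def make_record(name, gecos, password, algo="sha256"):
    """Build a passwd(5)-style line: name:hash:uid:gid:gecos:home:shell."""
    salt = name[:2]  # assumption: fixed salt for reproducibility; crypt(3) picks two random chars
    return f"{name}:{one_way(salt, password, algo)}:1000:1000:{gecos}:/home/{name}:/bin/sh"


def parse_record(line):
    name, pwhash, _uid, _gid, gecos, _home, _shell = line.split(":")
    return name, pwhash, gecos


def gecos_words(name, gecos):
    """Login name plus every alphabetic word from the GECOS field, de-duplicated,
    skipping single-letter initials."""
    words = [name] + re.findall(r"[A-Za-z]+", gecos)
    seen = []
    for w in words:
        if len(w) >= 2 and w not in seen:
            seen.append(w)
    return seen


def candidates(name, gecos):
    """Crack-style mangling rules over the GECOS-derived word list: case
    variants, reversal, a trailing digit, and doubling. Order is deterministic
    so the guess count is comparable across hash algorithms."""
    for w in gecos_words(name, gecos):
        base = {w, w.lower(), w.capitalize(), w.upper(), w[::-1].lower()}
        for b in sorted(base):
            yield b
            for d in "0123456789":
                yield b + d
            yield b + b


def crack(line, algo="sha256"):
    """Guess-and-compare against one record. Returns (password, guesses_tried);
    password is None when no GECOS-derived guess matched."""
    name, pwhash, gecos = parse_record(line)
    salt = pwhash.split("$", 1)[0]
    n = 0
    for n, guess in enumerate(candidates(name, gecos), 1):
        if one_way(salt, guess, algo) == pwhash:
            return guess, n
    return None, n


def demo(algo="sha256"):
    """Crack every sample record with the given stand-in algorithm."""
    results = {}
    for name, gecos, password in SAMPLE_USERS:
        results[name] = crack(make_record(name, gecos, password, algo), algo)
    return results


if __name__ == "__main__":
    # The weak passwords fall after the same number of guesses whichever digest
    # is used; the strong one survives both, because the cracker never decrypts
    # anything and the primitive's strength is not what is being attacked.
    for algo in ("md5", "sha256"):
        print(algo, demo(algo))
```

Running the block shows `jdoe` and `mlopez` cracked at identical guess counts under both digests and `ops` surviving both; swapping the digest for a stronger one changes nothing about the first two, which is the reply's point about GECOS-derived passwords.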