Bugtraq mailing list archives

Re: Nortel CES (3DES version) offers false sense of security when using IPSEC


From: Luciano Miguel Ferreira Rocha <strange () nsk yi org>
Date: Wed, 28 Feb 2001 17:26:12 +0000

On Wed, Feb 28, 2001 at 03:06:22PM +0100, Rogier Wolff wrote:

> Why is DES keyed with 56 bits, and not 64? Nobody seemed to know until
> a few years ago someone showed that keyed with 56 or 64 bits,
> cryptanalysis of DES requires 2^56 operations.

Actually, DES only uses 56 bits of the key; the high order bits of each byte
aren't used anywhere in the algorithm, hence the 56 bits definition. But you
still must supply 8 bytes for the key, not just 7.

> The same should be done
> with 3DES: If cryptanalysis can be done in 2^112 operations, it should
> be keyed with 112 bits, and not with an arbitrarily higher number.
>
> (now if you do the 112->168 expansion of the key foolishly, you may
> end up with an even weaker encryption scheme than 112 bits. But the
> smart guys proved that you can key with 112 bits and still require
> 2^112 operations to crack it)


3DES requires 3 keys, each of 8 bytes in length, totaling 192 bits, of which
only 168 are used (3*56). And of those, which are the only 112 used bits? I
don't believe it works that way, so why the "112-168" bit expansion? And how
can I key with only 112 bits? Which ones do I remove?

> 168 bits of security, then things go wrong. The good guys believe the
> ads. The bad guys know better: 3DES only offers 112 bits of security.
> This is BAD!


3DES is 3 times the use of an old algorithm, it's not that strong, and it's
terribly slow (in software), so why should anyone use it?

hugs
        Luciano Rocha
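
The key sizes discussed in this thread (56 of 64 bits for DES, 168 of 192 for 3DES, and keying with 112 bits), worked through as an added example that is not part of the original message. It assumes the standard two-key layout K1|K2|K1 (keying option 2) and the FIPS 46-3 convention that the parity bit is the least-significant bit of each key byte; all function names and sample values are constructed for illustration.

```python
def expand_56_to_des_key(bits7: bytes) -> bytes:
    """Spread 56 key bits (7 bytes) over 8 bytes: 7 key bits per byte,
    with an odd-parity bit in the least-significant position."""
    if len(bits7) != 7:
        raise ValueError("need exactly 7 bytes (56 bits)")
    n = int.from_bytes(bits7, "big")
    out = bytearray()
    for i in range(8):
        byte = ((n >> (49 - 7 * i)) & 0x7F) << 1   # next 7 key bits
        if bin(byte).count("1") % 2 == 0:          # force odd parity
            byte |= 1
        out.append(byte)
    return bytes(out)

def effective_bits(des_key: bytes) -> bytes:
    """Mask out the parity bit of every byte: what the cipher really uses."""
    return bytes(b & 0xFE for b in des_key)

def two_key_bundle(material14: bytes) -> bytes:
    """112 bits of key material -> 24-byte 3DES bundle K1|K2|K1."""
    if len(material14) != 14:
        raise ValueError("need exactly 14 bytes (112 bits)")
    k1 = expand_56_to_des_key(material14[:7])
    k2 = expand_56_to_des_key(material14[7:])
    return k1 + k2 + k1

def key_bits(bundle: bytes) -> int:
    """Independent key bits in a 24-byte bundle (key size, not attack cost).
    Comparison ignores parity bits, so parity-only differences do not count."""
    if len(bundle) != 24:
        raise ValueError("3DES bundle must be 24 bytes")
    k1, k2, k3 = (effective_bits(bundle[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        return 56    # E-D-E with adjacent equal keys collapses to single DES
    if k1 == k3:
        return 112   # two-key 3DES
    return 168       # three independent keys

# Constructed sample material (not real keys).
SAMPLE_112 = bytes(range(1, 15))
SAMPLE_BUNDLE = two_key_bundle(SAMPLE_112)

if __name__ == "__main__":
    print(SAMPLE_BUNDLE.hex(), key_bits(SAMPLE_BUNDLE))
    print(key_bits(bytes(24)))   # all-equal keys: degenerate bundle
```

Running `key_bits` over configured key bundles is a quick way to spot a deployment that advertises 3DES but is keyed so that it degrades to single DES.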

