|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use RequirementsWhy use DES, which is slow for software implementations, when AES is there, is fast, and has little dispute about its safety? draft-ietf-ipsec-ciph-aes-cbc-01.txt proposes a means for using AES in IPsec. draft-ietf-tls-ciphersuite-03.txt proposes a means for using AES in TLS. 3DES is really, really slow for software to the point of being impractical. While one can always mandate it for implementation, in practice I doubt any customer using a software 3DES over ips will want to use it. -mre > At 15:20 07/02/01, Joshua Tseng wrote: > > >It's often been said that the only thing worse than NO SECURITY > >is the ILLUSION of security. > > Some security keeps the kiddies away, no security doesn't. > I'd much rather have DES-CBC than nothing, because it visibly > increases the work function for the adversary. > > >Single DES is known to be cracked. > > That is a false statement. It hasn't been cracked. The best > attack known in the public literature is Biham-Shamir, which > requires ~O(2^^56) operations and some non-trivial preconditions. > There have been some specific brute-force attacks on DES that worked, > but they weren't real-time attacks and required a significant amount > of computational power. > > I'm not arguing against 3DES in preference to DES-CBC, but it > is just wrong to claim either that DES-CBC is cracked or > that running in the clear is better than running with DES-CBC > (assumes reasonable cryptographic authentication in all cases). > Note also that my comments are constrained to what is in the > published literature... > > Ran > rja@inet.org > >
Home Last updated: Tue Sep 04 01:05:33 2001 6315 messages in chronological order |