RE: Security Use Requirements

[Michael Eisler <mre@zambeel.com>]

Why use DES, which is slow for software implementations, when AES
is there, is fast, and has little dispute about its safety?

draft-ietf-ipsec-ciph-aes-cbc-01.txt proposes a means
for using AES in IPsec.

draft-ietf-tls-ciphersuite-03.txt proposes a means for
using AES in TLS.

3DES is really, really slow for software to the point of being impractical.
While one can always mandate it for implementation, in practice I doubt any
customer using a software 3DES over ips will want to use it.

	-mre

> At 15:20 07/02/01, Joshua Tseng wrote:
> 
> >It's often been said that the only thing worse than NO SECURITY
> >is the ILLUSION of security.  
> 
> Some security keeps the kiddies away, no security doesn't.
> I'd much rather have DES-CBC than nothing, because it visibly
> increases the work function for the adversary.
> 
> >Single DES is known to be cracked.
> 
> That is a false statement.  It hasn't been cracked.  The best
> attack known in the public literature is Biham-Shamir, which 
> requires ~O(2^^56) operations and some non-trivial preconditions.  
> There have been some specific brute-force attacks on DES that worked, 
> but they weren't real-time attacks and required a significant amount 
> of computational power.
> 
> I'm not arguing against 3DES in preference to DES-CBC, but it 
> is just wrong to claim either that DES-CBC is cracked or 
> that running in the clear is better than running with DES-CBC
> (assumes reasonable cryptographic authentication in all cases).
> Note also that my comments are constrained to what is in the 
> published literature...
> 
> Ran
> rja@inet.org
> 
>