    RE: Security Use Requirements



    Why use DES, which is slow for software implementations, when AES
    is there, is fast, and has little dispute about its safety?
    
    draft-ietf-ipsec-ciph-aes-cbc-01.txt proposes a means
    for using AES in IPsec.
    
    draft-ietf-tls-ciphersuite-03.txt proposes a means for
    using AES in TLS.
    
    3DES is really, really slow for software to the point of being impractical.
    While one can always mandate it for implementation, in practice I doubt any
    customer using a software 3DES over ips will want to use it.
    
    	-mre
    
    > At 15:20 07/02/01, Joshua Tseng wrote:
    > 
    > >It's often been said that the only thing worse than NO SECURITY
    > >is the ILLUSION of security.  
    > 
    > Some security keeps the kiddies away, no security doesn't.
    > I'd much rather have DES-CBC than nothing, because it visibly
    > increases the work function for the adversary.
    > 
    > >Single DES is known to be cracked.
    > 
    > That is a false statement.  It hasn't been cracked.  The best
    > attack known in the public literature is Biham-Shamir, which 
    > requires ~O(2^^56) operations and some non-trivial preconditions.  
    > There have been some specific brute-force attacks on DES that worked, 
    > but they weren't real-time attacks and required a significant amount 
    > of computational power.
    > 
    > I'm not arguing against 3DES in preference to DES-CBC, but it 
    > is just wrong to claim either that DES-CBC is cracked or 
    > that running in the clear is better than running with DES-CBC
    > (assumes reasonable cryptographic authentication in all cases).
    > Note also that my comments are constrained to what is in the 
    > published literature...
    > 
    > Ran
    > rja@inet.org
    > 
    > 
    
    


Last updated: Tue Sep 04 01:05:33 2001
6315 messages in chronological order