[Ach] about the 3DES thing again
azet at azet.org
Tue Dec 3 00:41:44 CET 2013
I gave some thought to what we discussed during the meeting. To keep people on track: We were talking about whether we should add or remove the paragraph on 3DES that currently states:
One special remark is necessary for 3DES: here we want to note
that it theoretically has 168 bit security, however based on the NIST Special
pages 63 and 64}, it is clear that 3DES is only considered 80 bits / 112 bits.
This needs further discussion and feedback from other people on the ML.
1) We are critical of NIST (a bit too critical in my opinion) - yet we include a reference to a NIST publication citing security concerns with 1 or 2 key variants of 3DES (usually 3 keys for each iteration, yielding 168-bit security)
2) I cannot find any popular SSLv3 library implementing 3DES with only one or two keys.
3) So after all.. we exclude 3DES in example configurations, why include a statement on 3DES implementations that are not relevant to the paper? I’m sure they are out there. But they do not matter for us, right?
 - https://github.com/openssl/openssl/blob/master/crypto/des/des_enc.c
void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
DES_key_schedule *ks1,DES_key_schedule *ks2,
DES_cblock *ivec1,DES_cblock *ivec2,
 - https://polarssl.org/des-source-code
#define DES_KEY_SIZE 8
int mode; /*!< encrypt/decrypt */
uint32_t sk; /*!< 3DES subkeys */
 - http://git.savannah.gnu.org/cgit/gnutls.git/tree/lib/nettle/cipher.c?id=0d004a210db5d220c896456a165c81264fa4454a#n76
des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
int is_good = 1;
for (i = 0; i<3; i++, key += DES_KEY_SIZE)
if (!des_set_key(&ctx->des[i], key))
is_good = 0;
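
Added example, not part of the original message and not taken from OpenSSL, PolarSSL or GnuTLS: a check that tells which of the one-, two- or three-key variants discussed above a 24-byte 3DES key bundle actually is. It assumes the usual EDE order and that the parity bit of each key byte is ignored; all function and sample names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define DES_KEY_SIZE 8

enum tdes_keying { TDES_THREE_KEY, TDES_TWO_KEY, TDES_SINGLE_DES };

/* Compare two DES keys, ignoring the parity bit (LSB) of every byte. */
static int des_key_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (int i = 0; i < DES_KEY_SIZE; i++)
        diff |= (uint8_t)((a[i] ^ b[i]) & 0xFE);
    return diff == 0;
}

/* Classify a 24-byte EDE key bundle K1|K2|K3 by its independent keys. */
enum tdes_keying tdes_classify(const uint8_t *key)
{
    const uint8_t *k1 = key, *k2 = key + DES_KEY_SIZE, *k3 = key + 2 * DES_KEY_SIZE;

    /* E(K3, D(K2, E(K1, x))): K1 == K2 or K2 == K3 cancels two stages. */
    if (des_key_equal(k1, k2) || des_key_equal(k2, k3))
        return TDES_SINGLE_DES;
    if (des_key_equal(k1, k3))
        return TDES_TWO_KEY;
    return TDES_THREE_KEY;
}

/* Nominal key length in bits (56 effective bits per independent DES key). */
int tdes_nominal_bits(enum tdes_keying k)
{
    return k == TDES_THREE_KEY ? 168 : k == TDES_TWO_KEY ? 112 : 56;
}

/* Constructed sample bundles, not real keys. */
#define KA 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF
#define KB 0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,0x01
#define KC 0x45,0x67,0x89,0xAB,0xCD,0xEF,0x01,0x23
#define KA_NOPARITY 0x00,0x22,0x44,0x66,0x88,0xAA,0xCC,0xEE /* KA, parity bits cleared */
static const uint8_t sample_three_key[24] = { KA, KB, KC };
static const uint8_t sample_two_key[24]   = { KA, KB, KA_NOPARITY };
static const uint8_t sample_single[24]    = { KA, KA, KB };

int main(void)
{
    printf("%d %d %d\n", tdes_nominal_bits(tdes_classify(sample_three_key)),
           tdes_nominal_bits(tdes_classify(sample_two_key)),
           tdes_nominal_bits(tdes_classify(sample_single)));
    return 0;
}
```

The figures returned are nominal key lengths only; the 80 bits / 112 bits quoted in the paragraph under discussion are security estimates, which this check does not compute.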