[Ach] about the 3DES thing again

Adi Kriegisch adi at kriegisch.at
Tue Dec 3 14:58:37 CET 2013


> We’re aware of that and that’s basically the reason why we excluded them from our TLS configurations.
> My issue still being: Why include a paragraph on 3DES then anyways? I think that’s pretty useless. And does not apply to TLS/SSL.
In my opinion it is the main target group (sysadmins) that just see the
"168bit" in OpenSSL output, see the "128bit or more" recommendation and
start using 3DES or assume a mistake in the paper because they (1) do not
know that 3DES actually provides 112bit of security at the moment and (2)
consists of 64bit primitives that probably warant for even more fun.
Therefor I'd just mention 3DES explicitly...

-- Adi

PS: Or, we leave it as it is and point interested people to this discussion
on the mailinglist... :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20131203/f2c0e3f7/attachment.sig>

More information about the Ach mailing list