Re: is 3des secure??
On Mon, Nov 26, 2001 at 09:04:59AM +0900, Howland, Curtis wrote:
> While this may be whipping a greasy stain on the road, it is true that
> 3DES was created "by the government" back when private cryptology was
> difficult or unknown. I believe it is prudent to consider that it was
> allowed to be used because of practical cracking available to the crypto
It wasn't "allowed" to be used, the government promulgated DES as a
standard for banks and other high security industries because it was
the best they could find at the time to do the job.
It has withstood a great deal of cryptoanalysis over the last couple
decades, and has held up fairly well. It's only real weakness has
been it's key-length.
While there may be some people in the government who would be happy
to promulgate a broken standard to make their data-collection
easier, wiser heads realize that if it's broken for "our" side (note
quotes) it's broken for "the other side" as well.
3DES "effectively" triples the key-length for DES, and for SSH
sessions, it's quite good enough.
> I'm not referring to a back-door, just a known method such as a hardware
> based method for cracking in near-real time.
3DES is more than strong enough for *today*, it's just that in the
near future it won't be.
> However, 3DES is likely strong enough for normal people. If you're
> trying to keep things from "them", they are already reading your screen
> and keyboard strokes directly by their radion emissions from accross the
No, they've tapped your machine, and theres a minature camera
looking over your shoulder from the air-vent in the room.
Share and Enjoy.