[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: is 3des secure??

On Mon, Nov 26, 2001 at 09:04:59AM +0900, Howland, Curtis wrote:
> While this may be whipping a greasy stain on the road, it is true that
> 3DES was created "by the government" back when private cryptology was
> difficult or unknown. I believe it is prudent to consider that it was
> allowed to be used because of practical cracking available to the crypto
> experts.
    It wasn't "allowed" to be used, the government promulgated DES as a
    standard for banks and other high security industries because it was
    the best they could find at the time to do the job. 

    It has withstood a great deal of cryptoanalysis over the last couple
    decades, and has held up fairly well. It's only real weakness has
    been it's key-length. 

    While there may be some people in the government who would be happy
    to promulgate a broken standard to make their data-collection
    easier, wiser heads realize that if it's broken for "our" side (note
    quotes) it's broken for "the other side" as well.

    3DES "effectively" triples the key-length for DES, and for SSH
    sessions, it's quite good enough. 
> I'm not referring to a back-door, just a known method such as a hardware
> based method for cracking in near-real time.

    3DES is more than strong enough for *today*, it's just that in the
    near future it won't be. 

> However, 3DES is likely strong enough for normal people. If you're
> trying to keep things from "them", they are already reading your screen
> and keyboard strokes directly by their radion emissions from accross the
> street.

    No, they've tapped your machine, and theres a minature camera
    looking over your shoulder from the air-vent in the room. 

Share and Enjoy. 

Reply to: