[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Antwort: Re: [FW-1] Des / 3des



> From: Marcus Brosda [mailto:[email protected]]
>
> Hi,
>
> the difference between the 112-bit and the 168-bit version is, that
the
> 168-bit
> version uses three keys with 56 bit length and encrypts the message
with
> key A,
> then key B and then key C.

Are you sure about that? Everything I've read to date shows that the
3DES uses 2 keys (56bit effective strength per key, or 112-bit key
space) with an Encrypt-Decrypt-Encrypt (EDE) sequence. Basically encrypt
with K1, decrypt with K2, encrypt with K1, then do the CBC on the EDE
block.

> The 112-bit version has only two keys of 56-bit length and encrypts
the
> message
> first with key A, then with key B and then again with key A.
>
> In both cases the message is encrypted three times (3des) with a
summary
> of 168
> bit key length. But the effective key length of the both algorithms
> differ.

If this is the case, how would two different IPsec devices negotiate the
3DES method used (i.e., 2 keys or 3 keys as you describe above)? I must
be missing something in the way IPsec utilizes 3DES. My understanding
was that there is one algorithm used, with either MD5 or SHA1 as HMAC.

Regards,

--- Gavin

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================