[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Antwort: Re: [FW-1] Des / 3des

To: [email protected]
Subject: Re: [FW-1] Antwort: Re: [FW-1] Des / 3des
From: Crist Clark <[email protected]>
Date: Fri, 17 May 2002 12:53:56 -0700
Organization: Globalstar Communications
References: <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Marcus Brosda wrote:
>
> Hi,
>
> the difference between the 112-bit and the 168-bit version is, that the 168-bit
> version uses three keys with 56 bit length and encrypts the message with key A,
> then key B and then key C.
>
> The 112-bit version has only two keys of 56-bit length and encrypts the message
> first with key A, then with key B and then again with key A.
>
> In both cases the message is encrypted three times (3des) with a summary of 168
> bit key length. But the effective key length of the both algorithms differ.

No, this is not correct. In many 3DES implementations you do use three keys. One
key, k1, is used to encrypt the block, k2 is used to "decrypt" (note that
"decrypting" just means the reverse of DES, reverse-DES encrypts just as well as
DES), and then k3 is used to encrypt again.

Yes, 168-bits of keying material is used. But it only equivalent to 112-bits of
protection. There is a known attack on DES that reduces the keyspace on successive
encryptions (it's not all that practical, but it exists). This is why a "2DES,"
algorthim is essentially useless and cannot be used to give 112-bits of protection.

You can actually do 3DES with 112-bits of key, encrypt with k1, decrypt with k2,
and encrypt with k1, and it is just as secure as using three separate keys.

3DES also has the property that if you use a single key for all three steps,
the algorithm reduces to DES with the same key which may be useful for
interoperability.
--
Crist J. Clark                               [email protected]
Globalstar CommunicationsThe information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited.  If you have
received this e-mail in error, please contact [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] Antwort: Re: [FW-1] Des / 3des
  - From: Marcus Brosda <[email protected]>

Prev by Date: Re: [FW-1] RBL List?
Next by Date: Re: [FW-1] license for 4.1 and NG same ?!??!
Prev by thread: [FW-1] Antwort: Re: [FW-1] Des / 3des
Next by thread: Re: [FW-1] Antwort: Re: [FW-1] Des / 3des
Index(es):
- Date
- Thread