I think it's safe to assume that 3DES is almost certainly a lousier choice
than AES or Camellia on multiple fronts.
Two key triple DES provides about 80-bits of security, and three key triple
DES provides 112-bits of security. Do you know which they are using?
AES-128 provides about 128-bits of security; and AES-256 provides about
256-bits of security.
If it was a new system, you probably would chose AES or Camellia. If they
are using three key triple DES with 112-bits of security, then there
shouldn't be any loud objections.
At those security levels, the adversary is not going to attack the block
cipher. They are going to attack the password or some other [weak] part in
the system.
Jeff
On Mon, Sep 8, 2014 at 4:00 PM, Gregory Sloop <gr...@sloop.net> wrote:
> Continuing top posting. [Which doesn't bother me nearly as much as it
> seems to bother others... ]
>
> Yes! That was a fantastic answer.
>
> ...
>
> [A while later]
> So, I need to run this down, but it looks like the easy-rsa script uses
> 3DES to do encryption - which seems incredibly foolish when we have aes-256
> available.
> [Though I suppose 3DES is less computationally expensive for weak
> processors - but still a bad trade-off, IMO.... Actually more reading seems
> to indicate that perhaps 3DES is harder for general purpose CPU, but with a
> smaller key-space. I'd guess a DES vs. AES specific processor would make
> DES far more vulnerable {pulling that guess from, well, you know where...
> :) }. ]
>
> I think it's safe to assume that 3DES is almost certainly a lousier choice
> than AES or Camellia on multiple fronts.
>
> I've posed a question to the OpenVPN folks, about the EasyRSA script, and
> it appears easy enough to change the encryption type in the script itself,
> which I'll do if they don't.
>
> Well, that was a fruitful question and personal research task. At least I
> *know* more about the situation than I did before. It may, or may not,
> change the entropy of my passwords, or make me do a lot different in the
> future - but even if it doesn't - I'm a lot more knowledgeable about what's
> going on and can make informed decisions about how to handle things from
> here on.
>
> So, thanks to all for your input.
>
> BTW, I especially like:
> If they can do a trillion (10^9) decryptions a second, they're still
> looking at around 10^22 years to recover the key. *They'll probably get
> bored before then.*
>
> Sort of like the 3DES vs AES discussion here:
>
> http://security.stackexchange.com/questions/26179/security-comparsion-of-3des-and-aes
> ...and quote ...
> "AES uses 128-bit blocks, for a limit of 2^128/2 blocks, i.e. 2^68 bytes,
> also known as "quite a lot of data"
>
> Thanks again!
> ...
>
