In message <[EMAIL PROTECTED]>, Aram Perez writes:
>Hi Folks,
>I hate to bother you with what I consider a dumb question, but I'm 
>trying to give a person the benefit of my doubts. There's a person on a 
>legal forum that I participate in that claims that 3DES has been 
>broken/cracked. However, he has not provided any documentation to the 
>effect as his "time at present is limited and valuable". He claims that 
>"the specifics were already posted on this and several other similar 
>forums". Other than Ross Anderson and his students extracting a 3DES 
>key from an IBM4758, has 3DES been in fact broken?
>Thank you,
>Aram Perez
>[Moderator's note: The quick answer is no. The person who claims
> otherwise is seriously misinformed. I'm sure others will chime
> in. --Perry]

I'll be happy to second Perry's comment -- I've seen no evidence 
whatsoever to suggest that it's been broken.  But there are some 
applications where it's a bad choice for cryptographic reasons.

When using CBC mode, one should not encrypt more than 2^32 64-bit 
blocks under a given key.  That comes to ~275G bits, which means that 
on a GigE link running flat out you need to rekey at least every 5 
minutes, which is often impractical.  Since I've seen Gigabit Ethernet 
cards for <US$25, this bears thinking about -- and while 10GigE is 
still too expensive for most people, its prices are dropping rapidly.
With 10GigE, you'd have to rekey every 27.5 seconds...

For reference purposes, with AES you'd be safe for 2^64*128 bits.  
That's a Big Number of seconds.

                --Prof. Steven M. Bellovin,

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to