Bruno Treguier wrote:
>
> Ben:
> > Is that true keylength or effective keylength? 3DES has an effective
> > keylength of 112 bits.
>
> Well, first of all I have to present my apologies to the list for my
> double posting the other day. Seems that I slipped on the "send" key
> before finalizing my message...
>
> Now, about the effective key length vs true key length, my intention
> here is not to start a "holy war" about this particular problem which
> is far beyond my understanding (I'm in no way a cryptography specialist),
> but what I've read about it (several times, and from several sources,
> one of which being the excellent cryptography FAQ from RSA labs) is
> that this 3DES "weakness" is theoretical, and that to reduce the
> effective key length to 112 bits, and be able to conduct a known
> plaintext attack against it, you have to be able to store 2^56 bits
> (which is about 8192 _terabytes_) of data...
>
> Anyway, French laws aren't that specific. All they talk about is a
> "key length", so even if you're right, Ben, I don't want to get into
> trouble just because a pen pusher will have made the wrong assumption.
> ;-)
That's up to you, but I don't know _anyone_ who thinks that 3DES is more
than 128 bit, in any meaningful sense. Well, not anyone who knows what
they're talking about, anyway.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
