Re: The Cost of Snakeoil

EKR (ekr@terisa.com)
21 Jul 1998 20:35:14 -0700

• Next message: William R. Butler: "crypto math"
• Previous message: Eric Young: "Re: Crypto libraries"
• In reply to: Anonymous: "Crypto libraries"
• Next in thread: Lewis McCarthy: "Re: The Cost of Snakeoil"

Jim Gillogly <jim@acm.org> writes:

> Kriston J. Rehberg writes:
> >Remember, 3DES not necessarily DES taken three times; I believe the most
> >secure (and most popular) form takes the output of DES decrypted with
> >another key on the second pass and then encrypted again with DES with a
> >third key on the third pass.
>
> That's the most popular form of 3DES, but it's a compatibility issue
> rather than a security issue: if you run it with all three keys the
> same you get DES, so you can test your implementation against a real
> DES or interoperate with somebody who doesn't have 3DES. Encrypting
> for all three passes would be no less secure, so far as we know.
Wasn't one of the original advantages of EDE mode that it was
potentially safer if DES was a group? Since we now know that
it's not, that's no longer a consideration, of course.

-Ekr

-- 
[Eric Rescorla                             Terisa Systems, Inc.]
		"Put it in the top slot."

• Next message: William R. Butler: "crypto math"
• Previous message: Eric Young: "Re: Crypto libraries"
• In reply to: Anonymous: "Crypto libraries"
• Next in thread: Lewis McCarthy: "Re: The Cost of Snakeoil"