- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Thu, 1 Nov 2001 11:31:21 -0800
- To: "'Aram Perez'" <aperez@wavesys.com>, XML Encryption WG <xml-encryption@w3.org>
- Message-ID: <2F3EC696EAEED311BB2D009027C3F4F405869860@vhqpostal.verisign.com>
I think that is the point, the document must clearly separate:

1) The transport key size
2) The actual key size
3) [The known upper bound to] the effective key size

It is actually quite significant if you turn out to need to generate 192 bits of randomness to use 168 of them in a key and end up only getting 112 bits worth of security.

Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

> -----Original Message-----
> From: Aram Perez [mailto:aperez@wavesys.com]
> Sent: Wednesday, October 31, 2001 1:23 PM
> To: XML Encryption WG
> Subject: Re: 168 vs 192 bit using 3DES
>
> Folks,
>
> Don't confuse transport issues with key size. Just like a DES key is 56
> bits but always (by de facto convention) transported in 64 bits, a 3DES key
> is only 168 bits but it is transported in 192 bits.
>
> Regards,
> Aram Perez
>
> "Donald E. Eastlake 3rd" <dee3@torque.pothole.com> on 10/31/2001 09:02:24 AM
>
> To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
> cc: XML Encryption WG <xml-encryption@w3.org> (bcc: Aram Perez/WAVE/US)
>
> Subject: Re: 168 vs 192 bit using 3DES
>
> The early versions of the algorithms section called for 168 bit
> TripleDES keys without parity. However, a number of implementors
> complained that the libraries they used all expected 64/192 bit
> DES/TripleDES keys so it has been changed. Any remaining 168s will be
> changed to 192.
>
> Thanks,
> Donald
>
> PS: Actually, due to meet in the middle, there are arguments that
> TripleDES has only 112 bits of strength.
>
> From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
> Date: Tue, 30 Oct 2001 21:35:26 +0100
> To: XML Encryption WG <xml-encryption@w3.org>
> Cc: Joseph Reagle <reagle@w3.org>
> Message-id: <3750346809.1004477726@pinkpanther>
>
> >Hi,
> >
> >A TripleDES-Key in the mode with three independent DES-keys has a
> >cryptographic strength of 168 bit while the key material including the
> >parity bits is 192 bit.
> >
> >My question is: what do we transfer between entities? In Section "5.4.1 RSA
> >Version 1.5", there is a statement:
> >
> >    "The key is 168 bits for TRIPLEDES and
> >     128, 192, or 256 bits for AES."
> >
> >Additionally, in section "5.6.2 CMS Triple DES Key Wrap" is the statement
> >
> >    "XML Encryption implementations MUST
> >     support TRIPLEDES wrapping of
> >     168 bit keys."
> >
> >But do we really transfer 168 bit and have to add parity bits after
> >transfer? Most cryptographic software packages export and import 192 bit
> >3DES-keys instead of 168 bit. If we look at [CMS-Wrap] which was the base
> >for the processing in section "5.6.2 CMS Triple DES Key Wrap", Russell
> >Housley always works with 192 bit for a 3DES-key. This key length is also
> >used in the example test vectors.
> >
> >So my vote is to change the occurrences of "168 bit keys" to "192 bit
> >keys". Additionally, we should add a statement that a 192 bit 3DES-key has
> >only an effective key length (strength) of 168 bit.
> >
> >
> >Best regards,
> >Christian
> >
> >[CMS-Wrap]
> >http://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt
Attachments
- application/octet-stream attachment: Phillip_Hallam-Baker__E-mail_.vcf
Received on Thursday, 1 November 2001 14:31:08 UTC
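
Added example, not part of the original thread or of the XML Encryption specification: a Python sketch of the three sizes discussed above, converting between 168 bits of key material and the 192-bit transport form with one odd-parity bit per byte. The function names and the MSB-first packing of the 168 bits are assumptions made for illustration; the 112-bit figure is the bound quoted in the thread.

```python
# Added example: the three sizes the thread separates for a 3DES key.
TRANSPORT_BITS = 192   # 24 bytes on the wire, parity included
KEY_BITS = 168         # 3 x 56 bits that actually reach the cipher
EFFECTIVE_BITS = 112   # upper bound quoted in the thread (meet in the middle)


def _with_odd_parity(seven_bits: int) -> int:
    """Put 7 key bits in the high bits of a byte; low bit makes parity odd."""
    b = (seven_bits & 0x7F) << 1
    return b | (1 if bin(b).count("1") % 2 == 0 else 0)


def expand_168_to_192(material: bytes) -> bytes:
    """21 bytes of key material -> 24-byte transport key (assumed MSB-first packing)."""
    if len(material) * 8 != KEY_BITS:
        raise ValueError("expected 168 bits of key material")
    n = int.from_bytes(material, "big")
    return bytes(_with_odd_parity(n >> (7 * (23 - i))) for i in range(24))


def strip_parity(key192: bytes) -> bytes:
    """24-byte transport key -> the 168 bits the cipher uses; rejects bad parity."""
    if len(key192) * 8 != TRANSPORT_BITS:
        raise ValueError("expected a 192-bit transport key")
    n = 0
    for b in key192:
        if bin(b).count("1") % 2 != 1:
            raise ValueError("parity error in transported key")
        n = (n << 7) | (b >> 1)
    return n.to_bytes(KEY_BITS // 8, "big")


def fix_parity(raw192: bytes) -> bytes:
    """Turn 192 random bits into a valid key: 24 of them are overwritten."""
    return bytes(_with_odd_parity(b >> 1) for b in raw192)


if __name__ == "__main__":
    raw_a = bytes(range(24))               # constructed sample, not a real key
    raw_b = bytes(x ^ 1 for x in raw_a)    # differs only in the 24 low bits
    assert fix_parity(raw_a) == fix_parity(raw_b)
    print(strip_parity(fix_parity(raw_a)).hex())
```

Two 192-bit random strings that differ only in the low bit of each byte yield the same key, which is why generating 192 bits buys at most 168 bits of key.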