- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Tue, 30 Oct 2001 21:35:26 +0100
- To: XML Encryption WG <xml-encryption@w3.org>
- Cc: Joseph Reagle <reagle@w3.org>
Hi,
A TripleDES-Key in the mode with three independent DES-keys has a
cryptographic strength of 168 bit while the key material including the
parity bits is 192 bit.
My question is: what do we transfer between entities? In Section "5.4.1 RSA
Version 1.5", there is a statement:
"The key is 168 bits for TRIPLEDES and
128, 192, or 256 bits for AES."
Additionally, in section "5.6.2 CMS Triple DES Key Wrap" is the statement
"XML Encryption implementations MUST
support TRIPLEDES wrapping of
168 bit keys."
But do we really transfer 168 bit and have to add parity bits after
transfer? Most cryptographic software packages export and import 192 bit
3DES-keys instead of 168 bit. If we look at [CMS-Wrap] which was the base
for the processing in section "5.6.2 CMS Triple DES Key Wrap", Russell
Housley always works with 192 bit for a 3DES-key. This key length is also
used in the example test vectors.
So my vote is to change the occurrences of "168 bit keys" to "192 bit
keys". Additionally, we should add a statement that a 192 bit 3DES-key has
only an effective key length (strength) of 168 bit.
Best regards,
Christian
[CMS-Wrap]
http://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt
Received on Tuesday, 30 October 2001 15:33:01 UTC
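
Added example, not part of the original message: the relationship between the 168 effective key bits and the 192-bit encoding with DES odd-parity bits that the message discusses. The function names are hypothetical, the sample keys are constructed, and packing the 168 bits big-endian into 21 bytes is an assumption, since the message does not define a 168-bit wire format.

```python
# Added example: 168-bit 3DES key material vs. its 192-bit encoding.
# In DES, the least significant bit of every key byte is an odd-parity bit,
# so each 8-byte DES key carries only 56 key bits (3 x 56 = 168).

def _with_odd_parity(seven_bits: int) -> int:
    """Put 7 key bits in the high bits and set the low bit for odd parity."""
    b = (seven_bits & 0x7F) << 1
    return b if bin(b).count("1") % 2 == 1 else b | 1

def expand_168_to_192(key21: bytes) -> bytes:
    """Insert parity bits: 21 bytes (168 bits) -> 24 bytes (192 bits).
    Assumption: the 168 bits are packed big-endian with no padding."""
    if len(key21) != 21:
        raise ValueError("expected 21 bytes (168 bits)")
    bits = int.from_bytes(key21, "big")
    return bytes(_with_odd_parity((bits >> (7 * (23 - i))) & 0x7F)
                 for i in range(24))

def strip_parity(key24: bytes) -> bytes:
    """Drop the parity bit of each byte: 24 bytes -> 21 bytes."""
    if len(key24) != 24:
        raise ValueError("expected 24 bytes (192 bits)")
    bits = 0
    for b in key24:
        bits = (bits << 7) | (b >> 1)
    return bits.to_bytes(21, "big")

def has_odd_parity(key24: bytes) -> bool:
    """True if every byte has an odd number of set bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key24)

def fix_parity(key24: bytes) -> bytes:
    """Recompute the parity bits of a 192-bit key, keeping the key bits."""
    return bytes(_with_odd_parity(b >> 1) for b in key24)

if __name__ == "__main__":
    # Constructed sample key, not a test vector from [CMS-Wrap].
    k192 = fix_parity(bytes(range(1, 25)))
    k168 = strip_parity(k192)
    print(len(k192) * 8, "bits encoded,", len(k168) * 8, "bits effective")
    # Flipping every parity bit changes the encoding but not the key bits.
    flipped = bytes(b ^ 1 for b in k192)
    print(strip_parity(flipped) == k168, has_odd_parity(flipped))
```

A receiver that is handed 168 bits must run the equivalent of expand_168_to_192 before passing the key to a library that imports 192-bit 3DES keys and checks parity.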