Re: 168 vs 192 bit using 3DES

The early versions of the algorithms section called for 168 bit
TripleDES keys without parity. However, a number of implementors
complained that the libraries they used all expected 64/192 bit
DES/TripleDES keys so it has been changed.  Any remaining 168s will be
changed to 192.

Thanks,
Donald

PS: Actually, due to meet in the middle, there are arguments that
TripleDES has only 112 bits of strength.

From:  Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date:  Tue, 30 Oct 2001 21:35:26 +0100
To:  XML Encryption WG <xml-encryption@w3.org>
Cc:  Joseph Reagle <reagle@w3.org>
Message-id:  <3750346809.1004477726@pinkpanther>

>Hi,
>
>A TripleDES-Key in the mode with three independent DES-keys has a 
>cryptographic strength of 168 bit while the key material including the 
>parity bits is 192 bit.
>
>My question is: what do we transfer between entities? In Section "5.4.1 RSA 
>Version 1.5", there is a statement:
>
>   "The key is 168 bits for TRIPLEDES and
>    128, 192, or 256 bits for AES."
>
>Additionally, in section "5.6.2 CMS Triple DES Key Wrap" is the statement
>
>   "XML Encryption implementations MUST
>    support TRIPLEDES wrapping of
>    168 bit keys."
>
>But do we really transfer 168 bit and have to add parity bits after 
>transfer? Most cryptographic software packages export and import 192 bit 
>3DES-keys instead of 168 bit. If we look at [CMS-Wrap] which was the base 
>for the processing in section "5.6.2 CMS Triple DES Key Wrap", Russell 
>Housley always works with 192 bit for a 3DES-key. This key length is also 
>used in the example test vectors.
>
>So my vote is to change the occurrences of "168 bit keys" to "192 bit 
>keys". Additionally, we should add a statement that a 192 bit 3DES-key has 
>only an effective key length (strength) of 168 bit.
>
>
>Best regards,
>Christian
>
>[CMS-Wrap] 
>http://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt

Received on Wednesday, 31 October 2001 12:04:42 UTC
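
The 168 versus 192 bit distinction discussed in this thread, shown as an added example that is not part of the original messages or of the XML Encryption specification. It expands 168 bits of key material into the 192 bit form with DES odd parity in the low bit of each byte, and strips it back; the function names and the MSB-first packing of the 168 bits are assumptions made for this illustration.

```python
# Added illustration: 168-bit TripleDES key material vs. the 192-bit
# parity-adjusted form most libraries import and export.
# Assumption: the 168 bits are packed MSB-first, 7 key bits per output byte.

def _odd_parity(byte: int) -> int:
    """Return byte with its low bit set so the total count of 1 bits is odd."""
    b = byte & 0xFE
    return b | 1 if bin(b).count("1") % 2 == 0 else b

def expand_168_to_192(raw: bytes) -> bytes:
    """21 bytes of key material -> 24-byte 3DES key with odd parity bits."""
    if len(raw) != 21:
        raise ValueError("expected 21 bytes (168 bits) of key material")
    bits = int.from_bytes(raw, "big")
    out = bytearray()
    for i in range(24):
        seven = (bits >> (168 - 7 * (i + 1))) & 0x7F  # next 7 key bits
        out.append(_odd_parity(seven << 1))           # low bit is parity
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    """True if every byte of the key carries a correct DES odd-parity bit."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def strip_parity(key: bytes) -> bytes:
    """24-byte 3DES key -> the 21 bytes (168 bits) that are actual key bits."""
    if len(key) != 24:
        raise ValueError("expected 24 bytes (192 bits)")
    bits = 0
    for b in key:
        bits = (bits << 7) | (b >> 1)  # drop the parity bit
    return bits.to_bytes(21, "big")

def fix_parity(key: bytes) -> bytes:
    """Correct the parity bits of a 192-bit key received from a peer."""
    return bytes(_odd_parity(b) for b in key)

if __name__ == "__main__":
    material = bytes(range(21))  # constructed sample, not a real key
    key192 = expand_168_to_192(material)
    print(len(key192) * 8, "bits on the wire,", len(material) * 8, "key bits")
    print("parity ok:", has_odd_parity(key192))
    print("round trip:", strip_parity(key192) == material)
```

Two 192 bit keys that differ only in their parity bits select the same cipher, so a receiver that compares wrapped keys byte for byte should normalise parity first.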