Re: 168 vs 192 bit using 3DES

From: Aram Perez <aperez@wavesys.com>
Date: Wed, 31 Oct 2001 10:23:00 -0800
To: XML Encryption WG <xml-encryption@w3.org>
Don't confuse transport issues with key size. Just like a DES key is 56
bits but always (by de facto convention) transported in 64 bits, a 3DES key
is only 168 bits but it is transported in 192 bits.

Aram Perez

"Donald E. Eastlake 3rd" <dee3@torque.pothole.com> on 10/31/2001 09:02:24

To:   Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
cc:   XML Encryption WG <xml-encryption@w3.org> (bcc: Aram Perez/WAVE/US)

Subject:  Re: 168 vs 192 bit using 3DES

The early versions of the algorithms section called for 168 bit
TripleDES keys without parity. However, a number of implementors
complained that the libraries they used all expected 64/192 bit
DES/TripleDES keys so it has been changed.  Any remaining 168s will be
PS: Actually, due to meet in the middle, there are arguments that
TripleDES has only 112 bits of strength.

From:  Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date:  Tue, 30 Oct 2001 21:35:26 +0100
To:  XML Encryption WG <xml-encryption@w3.org>
Cc:  Joseph Reagle <reagle@w3.org>
Message-id:  <3750346809.1004477726@pinkpanther>

>A TripleDES-Key in the mode with three independent DES-keys has a
>cryptographic strength of 168 bit while the key material including the
>parity bits is 192 bit.
>My question is: what do we transfer between entities? In Section "5.4.1
>Version 1.5", there is a statement:
>   "The key is 168 bits for TRIPLEDES and
>    128, 192, or 256 bits for AES."
>Additionally, in section "5.6.2 CMS Triple DES Key Wrap" is the statement
>   "XML Encryption implementations MUST
>    support TRIPLEDES wrapping of
>    168 bit keys."
>But do we really transfer 168 bit and have to add parity bits after
>transfer? Most cryptographic software packages export and import 192 bit
>3DES-keys instead of 168 bit. If we look at [CMS-Wrap] which was the base
>for the processing in section "5.6.2 CMS Triple DES Key Wrap", Russell
>Housley always works with 192 bit for a 3DES-key. This key length is also
>used in the example test vectors.
>So my vote is to change the occurrences of "168 bit keys" to "192 bit
>keys". Additionally, we should add a statement that a 192 bit 3DES-key has
>only an effective key length (strength) of 168 bit.
>Best regards,
Received on Wednesday, 31 October 2001 13:18:56 UTC
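
Added example, not part of the original thread or of the XML Encryption specification: a Python sketch of how 168 bits of TripleDES key material relate to the 192-bit form that libraries import and export, where each byte carries 7 key bits plus an odd-parity bit in its least significant position. The function names, the big-endian packing of the 168 bits into 7-bit groups, and the sample key are assumptions made for illustration.

```python
"""Relate 168-bit 3DES key material to its 192-bit parity-carrying form."""

SAMPLE_KEY168 = bytes(range(1, 22))  # constructed sample, 21 bytes = 168 bits


def _with_odd_parity(seven_bits: int) -> int:
    """Place 7 key bits in the high bits and set the LSB so the byte has odd parity."""
    ones = bin(seven_bits).count("1")
    return (seven_bits << 1) | (0 if ones % 2 else 1)


def expand_168_to_192(key168: bytes) -> bytes:
    """Spread 168 key bits over 24 bytes (assumed big-endian 7-bit groups)."""
    if len(key168) != 21:
        raise ValueError("expected 21 bytes (168 bits) of key material")
    n = int.from_bytes(key168, "big")
    return bytes(_with_odd_parity((n >> (7 * (23 - i))) & 0x7F) for i in range(24))


def has_odd_parity(key192: bytes) -> bool:
    """True when every byte of the transported key has an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key192)


def strip_192_to_168(key192: bytes, check_parity: bool = True) -> bytes:
    """Drop the 24 parity bits; optionally reject a key whose parity is wrong."""
    if len(key192) != 24:
        raise ValueError("expected 24 bytes (192 bits) of transported key")
    if check_parity and not has_odd_parity(key192):
        raise ValueError("parity error in transported 3DES key")
    n = 0
    for b in key192:
        n = (n << 7) | (b >> 1)  # only the high 7 bits of each byte are key bits
    return n.to_bytes(21, "big")


if __name__ == "__main__":
    wire = expand_168_to_192(SAMPLE_KEY168)
    print(len(wire) * 8, "bits transported:", wire.hex())
    print("parity ok:", has_odd_parity(wire))
    print("round trip ok:", strip_192_to_168(wire) == SAMPLE_KEY168)
```

The parity bits add no key strength: two 192-bit values that differ only in their low bits strip to the same 168 bits, which is why a receiver has to decide whether to verify parity or ignore it.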

