[149081] in cryptography@c2.net mail archive
Re: [Cryptography] Boing Boing pushing an RSA Conference boycott
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu Jan 16 09:16:33 2014
X-Original-To: cryptography@metzdowd.com
Date: Fri, 17 Jan 2014 01:22:40 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: hallam@gmail.com, j@me.net.nz
In-Reply-To: <CAM4zynhOqj1tvkidExWnwuuz1195d9jtFSQZaPcfp6=_x89Y9w@mail.gmail.com>
Cc: rsalz@akamai.com, cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Jonathan Hunt <j@me.net.nz> writes:
>On Wed, Jan 15, 2014 at 12:48 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>> What then should we do about all the folk clinging to 3DES? How about the
>> people who stuck with MD5? How about the people who have not junked SHA-1?
>
>I don't think anyone recommends using these broken constructs in new projects
>(i.e. sets them as default in a cryptography library).
Since when was 3DES a broken construct? In fact in the early-mid 2000's there
were several papers published that made AES look a bit shaky (none of the
attacks were developed much further, but we didn't know that at the time), so
sticking to 3DES, with its extra quarter century of provenance, was a
perfectly sensible move. Even now, it's unlikely that any algorithm has
received as much attention and analysis as 3DES.
Peter.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
