[16776] in cryptography@c2.net mail archive
Re: Is 3DES Broken?
daemon@ATHENA.MIT.EDU (james hughes)
Wed Feb 2 09:11:28 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20050201033853.C55B43BFED4@berkshire.machshav.com>
Cc: Aram Perez <aramperez@mac.com>,
"Steven M. Bellovin" <smb@cs.columbia.edu>,
james hughes <hughejp@mac.com>
From: james hughes <hughejp@mac.com>
Date: Wed, 2 Feb 2005 06:19:33 -0500
To: Cryptography <cryptography@metzdowd.com>
On Jan 31, 2005, at 10:38 PM, Steven M. Bellovin wrote:
> When using CBC mode, one should not encrypt more than 2^32 64-bit
> blocks under a given key. That comes to ~275G bits, which means that
> on a GigE link running flat out you need to rekey at least every 5
> minutes, which is often impractical. Since I've seen Gigabit Ethernet
> cards for <US$25, this bears thinking about -- and while 10GigE is
> still too expensive for most people, its prices are dropping rapidly.
> With 10GigE, you'd have to rekey every 27.5 seconds...
>
> For reference purposes, with AES you'd be safe for 2^64*128 bits.
> That's a Big Number of seconds.
>
> --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
I would also like to reinforce Prof. Bellovin's comment that the 3DES
block size is too small.
In bulk storage system encryption, 3DES will require rekey every
~~65GBytes. Most PC's have more than this.
With AES the number is ~250 Exabytes (which is 250 billion gigabytes).
Thanks!
jim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
