[3050] in cryptography@c2.net mail archive
Re: DES Applicability Statement for Historic Status
daemon@ATHENA.MIT.EDU (Matt Blaze)
Thu Jul 23 09:36:19 1998
To: "Arnold G. Reinhold" <reinhold@world.std.com>
cc: William Allen Simpson <wsimpson@greendragon.com>, cryptography@c2.net
In-reply-to: Your message of "Wed, 22 Jul 1998 20:27:05 EDT."
<v03130301b1dc2fdad0c3@[24.128.118.45]>
Date: Thu, 23 Jul 1998 03:26:25 -0400
From: Matt Blaze <mab@crypto.com>
>>I'm looking for additional references and comments for this prospective draft
,
>>although it must be kept as blunt and concise as possible. Any ideas?
>>
>
>Very nice work. A few comments:
>
>1. You should explicitly say that you are not recommending against use of
>triple DES in either its two key (112 bit) or three key implementation.
>There has already been confusion about the implications of the recent 56
>hour crack on 3DES.
>
>2. You need to defend the 80 bit minimum for short lived Internet data,
>perhaps referencing the crypto experts' report on key length. I think you
>are on shakier ground here than in the rest of the document. Some might
>think 64 bit or 72 bit keys are adequate for short term data if keys are
>changed frequently. I expect 80 bit keys to be good for a couple of decades.
>
If you mean the report in ftp://ftp.research.att.com/dist/mab/keylength,txt ,
we recommend that keys be no shorter than 90 bits in standards or protocols
designed to be used to protect data over the next 20 years. Keep in
mind that very few successful protocol standards end up having a deployed
lifetime much shorter than that. We wrote the report in late 1995, and
Moore's law has behaved approximately as expected since then, so you
should probably add about two bits to every keylength discussed there.
>3. What is the implication for Unix password encryption?
The problem with Unix passwords isn't the crypro algorithm, it's the tiny
keyspace (8 character typed passwords).
>
>4. You might want to mention RSA's parent company for a full reference.
>
>
>Regards,
>
>Arnold Reinhold
>
>
