[852] in cryptography@c2.net mail archive
Re: usage of triple-DES
daemon@ATHENA.MIT.EDU (Angelos D. Keromytis)
Thu May 15 22:35:50 1997
To: Rodney Thayer <rodney@sabletech.com>
cc: cryptography@c2.net
In-reply-to: Your message of "Thu, 15 May 1997 19:49:04 EDT."
<3.0.1.32.19970515194904.00774070@pop3.pn.com>
Date: Thu, 15 May 1997 22:16:30 +0100
From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
In message <3.0.1.32.19970515194904.00774070@pop3.pn.com>, Rodney Thayer writes
:
>I'm configuring Triple DES for use in IPsec. I get the
>impression that most but not all Triple-DES implementations use
>TWO keys (2x56 bits, padded with parity to 128 bits) and ONE IV
>(64 bits.) This matches the description in Schneier's book
>(Encrypt with Key1, Decrypt with Key2, Encrypt with Key1.)
>However, later in the second edition he recommends the use of
>THREE keys not two. Also I see <a major cryptographic
>technology vendor> allows for "24 bytes" (I take this means
>three keys) in their Triple-DES EDE software. I'm interested
>in implementing but polite manner. I think I should use two
>keys. Any comments? Anyone else looking at Triple-DES for IPsec?
>
draft-ietf-ipsec-esp-3des-md5-00.txt, which is the latest draft (not
for long i suspect) indicates the method to use. Other than that, if
you can use 3 keys go for it. Remember though that the way most KMPs
for IPsec work, you'll derive all your keys from one shared secret
value. Finally, it's easier to have code that supports 3 different
keys and then (if need be) simulate 2 key EDE.
Cheers,
-Angelos
