← Back to team overview

sslug-teknik team mailing list archive

  1. sslug-teknik team
  2. Mailing list archive
  3. Message #80103

3DES sikkerhed (var: Findes et os pop3 system, der er let at administrere og som er sikkert?)

  Thread PreviousDate PreviousThread Next 
Anders Melchiorsen wrote:

Egon Andersen <post@xxxxxxxxx> skrev:



Jon Bendtsen wrote:



[...]



3DES        <----- usikkert



[...]



Hvorfor er det lige 3DES skulle være usikker?



Det blev diskuteret, sidst Jon kom med påstanden:

   http://www.sslug.se/emailarkiv/teknik/2004_11/msg00359
Jeg checkede diskussionen, men der var vist mest påstande, ikke mange referencer til underbyggelse. 

Jeg googlede lidt og fandt:

http://www.freeswan.org/freeswan_trees/CURRENT-TREE/doc/politics.html

<citat>
Triple DES is almost certainly secure
Triple DES, usually abbreviated 3DES, applies DES three times, with three different keys. DES seems to be basically an excellent cipher design; it has withstood several decades of intensive analysis without any disastrous flaws being found. It's only major flaw is that the small keyspace allows brute force attacks to succeeed. Triple DES enlarges the key space to 168 bits, making brute-force search a ridiculous impossibility.
3DES is currently the only block cipher implemented in FreeS/WAN. 3DES is, unfortunately, about 1/3 the speed of DES, but modern CPUs still do it at quite respectable speeds. Some speed measurements for our code are available. 
</citat>

Det der kan siges om 3DES sårbarhed er:

<citat>
3DES (Triple DES)
Using three DES encryptions on a single data block, with at least two different keys, to get higher security than is available from a single DES pass. The three-key version of 3DES is the default encryption algorithm for Linux FreeS/WAN .
IPsec always does 3DES with three different keys, as required by RFC 2451. For an explanation of the two-key variant, see two key triple DES. Both use an EDE encrypt-decrypt-encrpyt sequence of operations. 

    Single DES is insecure.
Double DES is ineffective. Using two 56-bit keys, one might expect an attacker to have to do 2^112 work to break it. In fact, only 2^57 work is required with a meet-in-the-middle attack, though a large amount of memory is also required. Triple DES is vulnerable to a similar attack, but that just reduces the work factor from the 2^168 one might expect to 2^112. That provides adequate protection against brute force attacks, and no better attack is known. 
</citat>
Dvs. det er "meet-in-the-middle attack", hvilket ikke er ren og skær brute-force, hvor man blot prøver med forskellige nøgler. "meet-in-the-middle attack" kræver udover cpu-kraft også enorm data-lagringskapacitet. 

Se også:
http://www.freeswan.org/freeswan_trees/CURRENT-TREE/doc/glossary.html#meet
Så at påstå 3DES er usikker kan vist ikke udledes heraf eller fra nogen anden dokumentation. 

Med venlig hilsen
Egon Andersen

Follow ups

References

  Thread PreviousDate PreviousThread Next