Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
RE: [suse-security] which cipher for ssh2
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Fri, 25 Jan 2002 11:30:55 +0100
  • Message-id: <96C102324EF9D411A49500306E06C8D1A56CF4@xxxxxxxxxxxxxxxxx>
> Wasn't arguing, was just making sure people understand that
> an 80 bit key, a
> 90 bit key and a 112 bit key are _SIGNIFICANTLY_ different

Agreed, people generally have difficulty grasping the exponential increase
in the difficulty to break a key by increasing its number of bits.

> Dah. But then you can do things like 3des which is usually 2
> keys for an
> effective length of 112, but the attacker has to do 3 crypto
> operations, so
> an attack becomes expensive. Imagine the keyscape of 3pgp
> (yes I know pgp is
> a program and not the algorithm used for crypto, but you get
> the idea ;).

I s'pose you mean the asymmetric part in PGP's operation (you and I and many
others, but some not, know that it employs hybrid cryptography). The
question that remains though, is, can it work the way Triple-DES works.
Triple-DES is only good if the order of operations is encrypt with key 1,
*decrypt* with key2, encrypt with key 1 or 3, depending on how many 56-bit
keys you have. I'm not sure that this applies to other algorithms in a
similar manner. Could be you're just doubling the difficulty by encrypting
again with a key of same length as the first, not exponentiating it.

> 99 times out of 100 with modern crypto it's weak
> passphase/mistake in key
> recovery/creation/etc that does it in, the math is rarely
> wrong, unless it's
> a closed system or amateur system (something to be learned from that I
> think).

Agreed.

Tobias

< Previous Next >