Banks and 128 bit DES
Padgett 0sirius
padgett at gdi.net
Mon, 20 Mar 2000 21:17:05 -0500
>I thought that `Step Up' certificates, and the new US export
>regulations, placed a limit at 128 bits? It's possible that the bank's
>let the cat out of the bag, and they're using 3DES with 40 fixed bits.
Triple-DES reaches its maximal strength with two keys (112 bits) - use a to
encrypt, b to decrypt, a to encrypt again. This limit is of the algorithm
(48 Li'l Orphan Annies) and not the key length. You gain no advantage from
using three keys (168 bits).
Further, the mathematically impaired might notice that DES actually uses
64 bit registers but only 56 bits of key, the other eight are parity which
can really confuse the sans-culottes.
So triple-DES is as strong as it will ever be with two 112 bit keys and 16
bits of "other things" or 128 bits.
At least I *hope* that is what they are doing.
Frankly would be more concerned about the public key size - break the
symmetric and you get one message, break the asymmetric and you get *every*
message.
BTW various companies have been buying "global", "step-up", or "server
gated" keys for several years now, not just banks or financial
institutions. Apparently was just a matter of the right amount of money
(U$695 ?) changing hands.
A. Padgett Peterson, P.E., CISSP: Cybernetic Psychophysicist
Anti-Virus, Cryptographics, & Antique Radio Researcher
http://www.freivald.org/~padgett/index.html
mailto:padgett@gdi.net PGP 6.5 Key on request
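
Added example, not part of the original message: the bit accounting the post describes for a two-key triple-DES key (a || b), where each byte carries 7 key bits plus 1 parity bit, together with a check for the a == b case in which encrypt-decrypt-encrypt collapses to single DES. The function names and sample keys are constructed for illustration.

```python
# Sample keys below are constructed for illustration only.

def set_odd_parity(key: bytes) -> bytes:
    """Force the low bit of each byte so every byte has odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    """True when every byte of the key has an odd number of set bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def effective_bits(key: bytes) -> int:
    """Pack the 7 key bits of each byte, dropping the parity bit."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def describe_two_key_3des(key: bytes) -> dict:
    """Account for a 16-byte (128-bit) two-key triple-DES key a || b."""
    if len(key) != 16:
        raise ValueError("two-key triple-DES takes 16 bytes (a || b)")
    a, b = key[:8], key[8:]
    return {
        "stored_bits": len(key) * 8,   # what is stored or transmitted
        "parity_bits": len(key),       # one parity bit per byte
        "key_bits": len(key) * 7,      # bits that actually key the cipher
        "parity_ok": has_odd_parity(key),
        # If a == b once parity is ignored, E_a(D_b(E_a(x))) == E_a(x),
        # so the construction is no stronger than single DES.
        "degenerate": effective_bits(a) == effective_bits(b),
    }

# Two distinct halves, both already odd parity.
GOOD = bytes.fromhex("0123456789abcdef" "fedcba9876543210")
# Second half differs from the first only in the parity bits.
WEAK = bytes.fromhex("0123456789abcdef" "0022446688aaccee")

if __name__ == "__main__":
    for name, key in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, describe_two_key_3des(key))
```

Comparing the halves after stripping parity matters because two byte strings that differ only in their low bits select the same DES key.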