3DES key-length
Dan Kaminsky
dan at doxpara.com
Wed Dec 4 11:21:17 EST 2002

> I would like to know the key-length used for 3DES data encryption in
> openssh.
> I thought that it should be 192 (3 * 64) bits, but the sshd man page states
> 128 bit key used for 3DES.

This is one time when Marketing got it right.

Key length is a bit messy... 3DES uses three 64 bit keys, but 8 bits of
each key are parity (i.e. don't contribute to security value). So
there's 56*3 or 168 bits of entropy behind each 3DES key.

If I remember correctly, there's an optimized model of 3DES cracking
that reduces the complexity of 168 bit 3DES to 112 bits. (2DES is only
1 bit more complex to break than straight DES, due to this attack.) But
3DES has undergone vastly more cryptanalysis than any other algorithm,
so it's a bit unfair to say it's inferior to those ciphers that directly
use 128 bit keys (Blowfish, AES, etc.)

So -- instead of mucking with the details of 64 bit keys that are really
56 bit but are used thrice to give 192 bits of keying material with only
168 bits used but with only 112 bits of security on a very widely
trusted algorithm...

It's 128 bit.

> Also, I would like to know the 3des key negotiation - who generates the key
> (the client or the server).

Don't remember off the top of my head, I'll dive through the specs if
nobody else pipes up. Under DH, neither side actually needs to generate
the key -- it can be the unified outcome of their asymmetric exchange.

> I am interested in the export regulations concerning openssh in USA. Any
> idea on this ?

Should be pretty free of US regs; all the crypto modules are imported
from Canada / Germany / Etc.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com
More information about the openssh-unix-dev mailing list
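
The "2DES is only 1 bit more complex" remark in the message above can be checked on a small scale. The following is an added example, not part of the original post and not OpenSSH code: it builds a constructed toy Feistel cipher with an 8-bit key (standing in for DES's 56 bits; all function names are hypothetical) and shows that a meet-in-the-middle search over double encryption costs 2 * 2^8 cipher operations rather than 2^16. The same split applied to three stages is why 168 key bits are credited with about 112 bits of strength.

```python
from collections import defaultdict

KEY_BITS = 8   # toy per-stage key size (assumption; DES uses 56 effective bits)
ROUNDS = 4

def _subkey(key, i):
    # Constructed toy key schedule: rotate the 8-bit key, mix in a round constant.
    rot = ((key << i) | (key >> (8 - i))) & 0xFF
    return rot ^ ((0x5A * (i + 1)) & 0xFF)

def _f(half, sk):
    # Toy round function (not DES); a Feistel network is invertible for any f.
    x = (half + sk) & 0xFF
    return (((x * x) >> 3) ^ (x * 13)) & 0xFF

def encrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for i in range(ROUNDS):
        l, r = r, l ^ _f(r, _subkey(key, i))
    return (l << 8) | r

def decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for i in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, _subkey(key, i)), l
    return (l << 8) | r

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return ((k1, k2) candidates, cipher ops spent on the table and lookups)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0
    middle = defaultdict(list)
    for k1 in range(1 << KEY_BITS):          # forward half: E_k1(p0) for every k1
        middle[encrypt(k1, p0)].append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):          # backward half: D_k2(c0) for every k2
        ops += 1
        for k1 in middle.get(decrypt(k2, c0), ()):
            # Extra known pairs discard chance matches on the 16-bit middle value.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops

if __name__ == "__main__":
    K1, K2 = 0xA7, 0x3C                      # constructed sample keys
    known = [(p, double_encrypt(K1, K2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, ops = meet_in_the_middle(known)
    print(found, "ops:", ops, "exhaustive search:", 1 << (2 * KEY_BITS))
```

The price of the shortcut is memory: the table holds one entry per first-stage key, which at DES scale means storing 2^56 intermediate values.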