3DES key-length

Dan Kaminsky dan at doxpara.com
Wed Dec 4 11:21:17 EST 2002

> I would like to know the key-length used for 3DES data encryption in
> openssh.
> I thought that it should be 192 (3 * 64) bits, but the sshd man page states
> 128 bit key used for 3DES.

This is one time when Marketing got it right.

Key length is a bit messy...3DES uses three 64 bit keys, but 8 bits of 
each key is parity(i.e. doesn't contribute to security value).  So 
there's 56*3 or 168 bits of entropy behind each 3DES key.

If I remember correctly, there's an optimized model of 3DES cracking 
that reduces the complexity of 168 bit 3DES to 112 bits.  (2DES is only 
1 bit more complex to break than straight DES, due to this attack.)  But 
3DES has undergone vastly more cryptanalysis than any other algorithm, 
so it's a bit unfair to say it's inferior to those ciphers that directly 
use 128 bit keys (Blowfish, AES, etc.)

So -- instead of mucking with the details of 64 bit keys that are really 
56 bit but are used thrice to give 192 bits of keying material with only 
168 bits used but with only 112 bits of security on a very widely 
trusted algorithm...

It's 128 bit.

> Also, I would like to know the 3des key negotiation - who generates the key
> (the client or the server).

Don't remember off the top of my head, I'll dive through the specs if 
nobody else pipes up.  Under DH, neither side actually needs to generate 
the key -- it can be the unified outcome of their asymmetric exchange.
> I am interested in the export regulations concerning openssh in USA. Any
> idea on this ?

Should be pretty free of US regs; all the crypto modules are imported 
from Canada / Germany / Etc.

Yours Truly,

	Dan Kaminsky
	DoxPara Research

More information about the openssh-unix-dev mailing list