[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NIST publishes new DSA draft

To: Jon Callas <jon@xxxxxxxxxx>
Subject: Re: NIST publishes new DSA draft
From: Ben Laurie <ben@xxxxxxxxxxxxx>
Date: Mon, 27 Mar 2006 21:36:43 +0100
Cc: OpenPGP <ietf-openpgp@xxxxxxx>
In-reply-to: <C6620F59-F7F1-498E-B999-9BB08715395F@xxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <20060314194447.4D59A57FB0@xxxxxxxxxx> <20060316192823.GA9945@xxxxxxxxxxxxxxx> <441ACF45.704@xxxxxxxxxxxxx> <87fylhdq36.fsf@xxxxxxxxxxxxxxxxxxxxx> <20060317174937.GC13241@xxxxxxxxxxxxxxx> <3C3EAEDD-7724-4E92-AA3C-49B5B2E6F3F9@xxxxxxxxxx> <44267719.1060302@xxxxxxxxxxxxx> <C6620F59-F7F1-498E-B999-9BB08715395F@xxxxxxxxxx>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Thunderbird 1.5 (Windows/20051201)

Jon Callas wrote:
> On 26 Mar 2006, at 3:12 AM, Ben Laurie wrote:
> 
>> Jon Callas wrote:
>>>
>>> I think we ought to keep it with the same algorithm number.
>>>
>>> I'm happy to put in SHA-224 (meaning it's trivial work), but I don't
>>> like it, myself. The reason is that SHA-224 is really a truncated
>>> SHA-256. Thus, it has no advantages over SHA-256 except being smaller by
>>> 32-bits with 112 bits of security. The reason it exists at all is for
>>> crypto-balance with 2-key 3DES (which is not TDEA), which we don't allow
>>> at all.
>>
>> <pedantic>
>>
>> 3-key DES also has a strength of 112 bits.
>>
>> </pedantic>
>>
> 
> There are certainly good arguments for that, but if 3-key 3DES is no
> stronger than 2-key, then there shouldn't be any harm in dropping the
> third key. Right? If you don't like this idea (that 2-key and 3-key are
> equivalent), which I don't, then 3-key must be some stronger. It just
> isn't easy to know how much more.

I'm not going to argue with this, but it clearly ain't much more. You
would be out on a limb to argue that it provided usefully more than 112
bits - though I won't hesitate to agree that 2DES < 3DES.

Cheers,

Ben.


-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Follow-Ups:
- Re: NIST publishes new DSA draft
  - From: Jon Callas

References:
- Re: NIST publishes new DSA draft
  - From: "Hal Finney"
- Re: NIST publishes new DSA draft
  - From: David Shaw
- Re: NIST publishes new DSA draft
  - From: Ian G
- Re: NIST publishes new DSA draft
  - From: Werner Koch
- Re: NIST publishes new DSA draft
  - From: David Shaw
- Re: NIST publishes new DSA draft
  - From: Jon Callas
- Re: NIST publishes new DSA draft
  - From: Ben Laurie
- Re: NIST publishes new DSA draft
  - From: Jon Callas

Prev by Date: Re: NIST publishes new DSA draft
Next by Date: Re: Suggested changes for DSA2
Previous by thread: Re: NIST publishes new DSA draft
Next by thread: Re: NIST publishes new DSA draft
Index(es):
- Date
- Thread