Re: [TLS] Proposed text for IDEA/DES document
On Wed, 06 Feb 2008 21:53:51 -0800
Mike <mike-list at pobox.com> wrote:
> >>> IDEA's problem is its patent, nothing more.
> >
> > IDEA's problem also is the 64-bit block length.
> >
> > With networks getting faster, it is increasingly easier to get
> > uncomfortably close to the number of blocks where you can no longer
> > expect full security (around 2^32 blocks, i.e. 32 GB, for CBC
> > encryption; with a non-negligible probability to have a security
> > failure well below this limit).
>
> Can you explain how security weakens after sending 32GB of data?
> Is this just for IDEA or for AES and others as well? In TLS,
> can you just renegotiate the security parameters well before
> reaching this threshold?
>
The problem is the probability of a collision in the ciphertext
blocks. The blocksize is 64 bits, for DES and IDEA; therefore, its
collision resistance is O(sqrt(2^64)) or 2^32. That's why AES has a
128-bit blocksize, to raise that parameter to 2^64 blocks.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
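
Added example, not part of the original message: the birthday estimate behind the 2^32 figure in the thread, used to compute the collision probability at a given number of blocks and the block count to rekey before for a chosen risk. The function names, the 1e-6 risk target and the 16-bit toy block used in the simulation are assumptions, and uniformly random values stand in for ciphertext blocks.

```python
import math
import random

def collision_probability(n_blocks, block_bits):
    """Birthday approximation: chance that at least two of n_blocks
    uniformly random block_bits-bit values are equal."""
    x = n_blocks * (n_blocks - 1) / 2.0 ** (block_bits + 1)
    return -math.expm1(-x)  # 1 - exp(-x), accurate for tiny x

def max_blocks_for_risk(risk, block_bits):
    """Largest block count whose collision probability stays <= risk."""
    return int(math.sqrt(-math.log1p(-risk) * 2.0 ** (block_bits + 1)))

def simulate(n_blocks, block_bits, trials, seed=1):
    """Empirical collision rate; random values stand in for ciphertext
    blocks (assumption: a good cipher's CBC output looks uniform)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(n_blocks):
            block = rng.getrandbits(block_bits)
            if block in seen:
                hits += 1
                break
            seen.add(block)
    return hits / trials

if __name__ == "__main__":
    for bits in (64, 128):
        print(f"{bits}-bit block, 2^32 blocks: "
              f"p = {collision_probability(2 ** 32, bits):.3g}")
        n = max_blocks_for_risk(1e-6, bits)  # 1e-6 is an assumed risk target
        print(f"  rekey before {n} blocks ({n * bits // 8} bytes) for p <= 1e-6")
    # Toy 16-bit block so the collision regime is reachable in a test run
    print("toy 16-bit, 300 blocks: model",
          round(collision_probability(300, 16), 3),
          "measured", simulate(300, 16, 2000))
```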