Re: [TLS] Proposed text for IDEA/DES document

[pgut001 at cs.auckland.ac.nz (Peter Gutmann)]

Mike <mike-list at pobox.com> writes:

>> 3DES still is frequently used, for historical
>> reasons on the one hand, and probably because not everyone likes AES
>> all that much on the other hand.
>
>What don't people like about AES?  Is their dislike of it technically
>justified, or is it based on personal preference?

There's a number of reasons that I've run into:

- Lots of 3DES legacy hardware/software out there.
- Lots of existing 3DES standards/security specs out there.
- It's a long-time banking standard, and banks are very conservative.
- Some false alarms about AES' security a few years ago.
- ...

All of it adds up.  I'm still using 3DES as the default cipher for protecting
private keys from a combination of "no-one ever got fired for specifying 3DES"
(some users will question use of AES over 3DES, but I don't think anyone's
ever questioned 3DES), and because the data amounts being protected are so
small that there's no speed advantage to be had from AES.  OTOH I make it
user-configurable, so it's up to the users.

Peter.

_______________________________________________
TLS mailing list
TLS at ietf.org
http://www.ietf.org/mailman/listinfo/tls