Is 3DES Broken?
Daniel Carosone
dan at geek.com.au
Tue Feb 1 16:44:00 EST 2005
On Mon, Jan 31, 2005 at 10:38:53PM -0500, Steven M. Bellovin wrote:
> When using CBC mode, one should not encrypt more than 2^32 64-bit
> blocks under a given key. That comes to ~275G bits, which means that
> on a GigE link running flat out you need to rekey at least every 5
> minutes, which is often impractical.
Notably for those encrypting data at rest, it's also rather smaller
than current hard disk sizes, which are much harder to re-key.
(Even for those only encrypting data in flight, it has practical
implications regarding the feasibility of capturing that data for later
analysis)
--
Dan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20050202/5f79e0af/attachment.pgp>
More information about the cryptography
mailing list