[Cryptography] Boing Boing pushing an RSA Conference boycott
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jan 16 07:22:40 EST 2014
Jonathan Hunt <j at me.net.nz> writes:
>On Wed, Jan 15, 2014 at 12:48 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
>> What then should we do about all the folk clinging to 3DES? How about the
>> people who stuck with MD5? How about the people who have not junked SHA-1?
>
>I don't think anyone recommends using these broken constructs in new projects
>(i.e. sets them as default in a cryptography library).
Since when was 3DES a broken construct? In fact in the early-mid 2000's there
were several papers published that made AES look a bit shaky (none of the
attacks were developed much further, but we didn't know that at the time), so
sticking to 3DES, with its extra quarter century of provenance, was a
perfectly sensible move. Even now, it's unlikely that any algorithm has
received as much attention and analysis as 3DES.
Peter.
More information about the cryptography
mailing list