[Cryptography] key lengths in different places

Robin Wood robin at digi.ninja
Fri May 26 11:33:06 EDT 2017


Hi
I did a Nessus scan of a site and one of the TLS issues reported was medium
strength ciphers, the one picked out was:

TLSv1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

I also scanned the site with sslscan (screenshot attached) and SSL Labs and
both reported the same cipher but with 112 bit keys. I reported this to
Tenable as a mistake in their reporting, as they showed 168 rather than 112;
they came back with the following reply:

--------------

There is a difference between the key size in memory - including overhead
like parity bits (192 bits), the bits used of the key (168 bits), the
intended security of the key (112 bits) and the actual security given the
attacks possible on the cipher (still 112 bits). The figures between
parentheses are for triple DES keys (DES ABC).

Please also see some information from our community:
https://community.tenable.com/thread/2111

So it appears the 168 is not the key size for security in this instance but
the bit size.

----------------------

Does this make sense? Are there different bit lengths depending on what you
are talking about and if so, is there a way to know which is being reported?

If I'm completely wrong on how I'm reading this, please point me at any
intro docs that explain what is going on.

Robin
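The four figures in the Tenable reply can be reproduced from a key directly. This added example (not from the post or from any of the tools mentioned) takes a constructed 24-byte 3DES key, checks the DES odd-parity convention, and derives the in-memory size (192), the key bits actually used (168) and the security level (112 for three independent keys; it also generalises to the two-key and degenerate-key forms using the NIST SP 800-57 ratings). It also pulls the Enc=...(168) figure out of an OpenSSL-style cipher line like the one Nessus printed and maps it to the 112 that sslscan and SSL Labs report. The key bytes and function names are my own.

```python
"""Reconcile the key-length figures different tools report for 3DES."""
import re

def set_odd_parity(b: int) -> int:
    """DES keys use the low bit of every byte as an odd-parity bit."""
    high = b & 0xFE
    return high | (0 if bin(high).count("1") % 2 == 1 else 1)

def des_parity_ok(key: bytes) -> bool:
    """True if every byte has odd parity, as a well-formed DES key should."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

# Constructed sample key (24 bytes, valid parity); not taken from any real system.
SAMPLE_KEY = bytes(set_odd_parity(b) for b in range(0x10, 0x28))

def tdes_key_figures(key: bytes) -> dict:
    """Return the figures a scanner might report for one 3DES key.

    stored_bits:   what sits in memory, parity bits included (8 per byte)
    key_bits:      bits the cipher actually uses (7 per byte)
    security_bits: 112 for three independent keys (meet-in-the-middle bound),
                   80 for the two-key form K1 == K3 (NIST SP 800-57 rating),
                   56 when repeated keys collapse 3DES to single DES.
    """
    if len(key) not in (16, 24):
        raise ValueError("3DES keys are 16 (two-key) or 24 (three-key) bytes")
    k1, k2 = key[:8], key[8:16]
    k3 = key[16:] if len(key) == 24 else k1  # two-key form reuses K1 as K3
    if len({k1, k2, k3}) == 3:
        security = 112
    elif k1 == k3 and k1 != k2:
        security = 80
    else:
        security = 56  # K1 == K2 or K2 == K3: E/D pairs cancel out
    return {"stored_bits": len(key) * 8, "key_bits": len(key) * 7,
            "security_bits": security, "parity_ok": des_parity_ok(key)}

# Matches the Enc=ALG(bits) field of an `openssl ciphers -v` style line.
_ENC_RE = re.compile(r"Enc=(?P<alg>[\w-]+)\((?P<bits>\d+)\)")

def enc_field(cipher_line: str) -> tuple:
    """Extract (algorithm, advertised key bits) from an OpenSSL cipher line."""
    m = _ENC_RE.search(cipher_line)
    if not m:
        raise ValueError("no Enc=...(bits) field found")
    return m.group("alg"), int(m.group("bits"))

def effective_security(alg: str, advertised_bits: int) -> int:
    """Map the advertised key size to the strength sslscan/SSL Labs report."""
    if alg.startswith("3DES") and advertised_bits == 168:
        return 112  # 168 key bits, but meet-in-the-middle caps 3DES at 2^112
    return advertised_bits
```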