----- Original Message -----
From: "Rogier Wolff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 27, 2001 12:11 AM
Subject: Re: Nortel CES (3DES version) offers false sense of security when
usi ng IPSEC
> I don't know where people get their information, but tripple-DES uses
> a 112 bit key. How they can advertize 128, or even 168 bits of keys I
> don't know.
>
> Triple DES is triple because you run the plaintext through DES three
> times, however you use only two different keys.
Hmm...
According to FIPS 46-3 (which is a good place to get information on triple
DES), there are three keying modes:
The standard specifies the following keying options for bundle (K1, K2, K3)
1. Keying Option 1: K1, K2 and K3 are independent keys;
2. Keying Option 2: K1 and K2 are independent keys and K3 = K1;
3. Keying Option 3: K1 = K2 = K3.
This means that 56bit, 112bit, and 168bit keys are all valid key lengths.
-LW
