However, there are potentially *implementations* of DES that force a
certain number of bits to 0 or something which can have the effect of
lowering the overall keylength. Set 16 bits in a 56-bit DES key to 0
always and you effectively have a 40 bit key because you have limited the
keyspace from 2^56 to 2^40. Applications written in the US often do this
to create export-only versions from full-strength crypto versions. The
GSM algorithm implementation has also been shown to set many key bits to
zero, effectively lowering the strength of the crypto.
-Jason
On Mon, 14 Feb 2000, Geoff Gates wrote:
> Date: Mon, 14 Feb 2000 15:00:25 -0500
> From: Geoff Gates <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: DES
>
> >>
> >> I am having a problem trying to implement IPSec tunnel between CISCO
> IPSec
> >> IOS and Checkpoint Firewal-1 V4.0. It turned out that CISCO has 56
> bit DES
> >> but Checkpoint has only 40 bit DES.
> >
> > I might be speaking out of my arse here, but I have the distinct
> > recollection that there is no such thing as 40 bit DES; the
> > algorithm is firmly super-glued to the idea of keys of 56 bit length.
> >
> > Am I wrong?
>
> You are perfectly correct. DES has to use 56 bits with the standard
> encryption scheme. There are different implementations of DES, such as
> Triple-DES, and Cipher-Block-Chaining mode. None of them are
> compatible. Make sure you are using the same level at both ends
> --
>
> Geoffrey Gates
> Lockheed Martin NE&SS Moorestown
> Network Design
> (856)722-1278
> mailto:[EMAIL PROTECTED]
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
