> From: Marcus Brosda [mailto:[EMAIL PROTECTED]] > > Hi, > > the difference between the 112-bit and the 168-bit version is, that the > 168-bit > version uses three keys with 56 bit length and encrypts the message with > key A, > then key B and then key C.
Are you sure about that? Everything I've read to date shows that the 3DES uses 2 keys (56bit effective strength per key, or 112-bit key space) with an Encrypt-Decrypt-Encrypt (EDE) sequence. Basically encrypt with K1, decrypt with K2, encrypt with K1, then do the CBC on the EDE block. > The 112-bit version has only two keys of 56-bit length and encrypts the > message > first with key A, then with key B and then again with key A. > > In both cases the message is encrypted three times (3des) with a summary > of 168 > bit key length. But the effective key length of the both algorithms > differ. If this is the case, how would two different IPsec devices negotiate the 3DES method used (i.e., 2 keys or 3 keys as you describe above)? I must be missing something in the way IPsec utilizes 3DES. My understanding was that there is one algorithm used, with either MD5 or SHA1 as HMAC. Regards, --- Gavin ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
