Jeffrey Walton-3 wrote:
>
> On Thu, Feb 23, 2012 at 2:12 PM, burtbick <l...@burtbicksler.com> wrote:
>>
>> <snip>
>> But when I try using the openssl command line tool I wind up with 24
>> bytes
>> of cipher text for my encrypted 16 byte key value.
>> <snip>
>>
>
> It sounds like the device wants a '2-key TripleDES' key, and OpenSSL
> is generating a '3-key TripleDES' key.
>
> The 2-key variant provides about 80 bits of security and is considered
> to be weak by some folks. Thos folks who use the stronger variant as
> recommended by NIST, ECRYPT, et al use 3-key TripleDES (112 bits) and
> AES (128 bits).
>
> You might also se TDEA instead of TripleDES: 2-key TDEA and 3-key TDEA.
>
> Jeff
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
>
Thanks Jeff,
Any suggestions on how to make the openssl command line tool generate the
two key triple DES key?
I've tried des-ede which says Two key triple DES EDE in ECB mode (I need ECB
mode for the key encryption bits)
I've tried other variants and they are all producing 24 bits of cipher text
output.
I've tried openssl enc -des-ede ... and also openssl des-ede ....
I get the same results, so I must be doing something wrong.
Right now I'm testing on Ubuntu 10.04.
I'm going to have to use the OpenSSL library as soon as I know that I can
properly encrypt the key(s). And maybe I just need to do that anyway.
Where's the best place to find a good example of using the openssl library
with Triple DES?
Thanks again,
Burt
--
View this message in context:
http://old.nabble.com/Triple-DES-ECB-question-tp33378100p33381231.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
