Default hash

David Shaw dshaw at jabberwocky.com
Sat Feb 26 18:06:51 CET 2011


On Feb 26, 2011, at 9:10 AM, Aaron Toponce wrote:

>> 3DES's history is instructive.  NIST has declared it "dead in 20 years"
>> more often than Netcraft has declared BSD to be dying.[*]  At this
>> point, I'm unaware of anyone who seriously believes 3DES will be gone in
>> 20 years.  Most people seem to be of the belief that in about fifteen
>> years NIST will say, "and 3DES is believed strong through 2050."
> 
> Great! If it has that sort of security, then maybe I'll give it a second
> thought. I was always under the impression that due to DES being cracked
> by the EFF in what, 9 months?, that 3DES, just using 3 of the same
> 56-bit key, wasn't long before we had the hardware to break it in 9
> months also. I'll give reconsideration.

Not nine months - 4.5 days on average.  At least that was the performance of the DES cracker in 1998.  If it were done today, it would probably do better (or at least do it cheaper).

3DES doesn't use 3 of the same 56-bit key.  3DES (at least the 3DES used in OpenPGP) uses three different 56-bit keys.

3DES is still quite secure.  It's main problem is that it's *slow*.

David




More information about the Gnupg-users mailing list