From: [EMAIL PROTECTED] (Johan Danielsson)
Date: 23 Nov 1999 16:15:11 +0100
> You are questioning the use of Triple DES but not the use of
> CAST-128.
I'm questioning the use of DES3 in anything but EDE on outer CBC
mode. There is a paper by Eli Biham about other combinations, which
basically says that most of them are not much better than single DES.
The telnet encryption specification provides confidentiality but *not*
integrity guarantees. It is using CFB/OFB because it is stream
oriented, and this *is* known weakness, and is discussed in the drafts.
Personally, I wouldn't have bothered with the triple-DES telnet
encryption mode, on the grounds that because it is a very weak mode, it
doesn't provide much protection. However, Jeffery lobbied for them on
the grounds that they were being used in some existing implementations
(I don't remember which one, but it wasn't Kerberos V5), and that we
should document what some implementations are using today.
- Ted
