Hi,

I would like to know the key-length used for 3DES data encryption in openssh.
I thought that it should be 192 (3 * 64) bits, but the sshd man page states 128 bit key used for 3DES.

Also, I would like to know the 3des key negotiation - who generates the key (the client or the server).

I am interested in the export regulations concerning openssh in USA. Any idea on this?

I would really appreciate your help,

Thanks,
Hari
Sorry, but I had to send a text file format message.

Hari

----- Original Message -----
From: Hari-Isoft
To: openssh-unix-dev at mindrot.org
Sent: Wednesday, December 04, 2002 1:18 PM
Subject: 3DES key-length

Hi,

I would like to know the key-length used for 3DES data encryption in openssh.
I thought that it should be 192 (3 * 64) bits, but the sshd man page states 128 bit key used for 3DES.

Also, I would like to know the 3des key negotiation - who generates the key (the client or the server).

I am interested in the export regulations concerning openssh in USA. Any idea on this?

I would really appreciate your help,

Thanks,
Hari
On Wed, Dec 04, 2002 at 01:18:20PM -0500, Hari-Isoft wrote:
> Hi,
>
> I would like to know the key-length used for 3DES data encryption in openssh.
> I thought that it should be 192 (3 * 64) bits, but the sshd man page states 128 bit key used for 3DES.

where in the man pages does it say 128-bit for 3DES? i think you were looking
at a statement for AES.
On Fri, Dec 27, 2002 at 05:09:51PM -0500, Hari-Isoft wrote:
> From sshd manpage:
> The rest of the session is encrypted using a symmetric cipher, currently
> 128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit
> AES. The client selects the encryption algorithm to use from those
> offered by the server. Additionally, session integrity is provided through
> a cryptographic message authentication code (hmac-sha1 or hmac-md5).
>
> is this 128 bit applicable only to AES?
> if so, does 3DES use 192 bit keys.

i suppose it could be clearer. i think the intention is to only
bit-length-qualify ciphers with variable key-lengths.

from draft-ietf-secsh-transport-14.txt:

   The "3des-cbc" cipher is three-key triple-DES (encrypt-decrypt-encrypt),
   where the first 8 bytes of the key are used for the first encryption,
   the next 8 bytes for the decryption, and the following 8 bytes for the
   final encryption. This requires 24 bytes of key data (of which 168 bits
   are actually used). To implement CBC mode, outer chaining MUST be used
   (i.e., there is only one initialization vector). This is a block cipher
   with 8 byte blocks. This algorithm is defined in [SCHNEIER]
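
The key layout from the quoted draft, as an added example that is not part of the original thread or of OpenSSH's code: it splits the 24 bytes of key data into the three DES subkeys and drops the parity bit DES ignores in each key byte, which is why 192 bits supplied leave 168 bits in use. The function names and the sample key are constructed for illustration.

```python
# Added illustration of the "3des-cbc" key layout quoted above.
# Function names and sample keys are constructed for this example.

TDES_KEY_BYTES = 24  # three 8-byte DES subkeys: encrypt, decrypt, encrypt


def split_3des_key(key: bytes):
    """Return (k1, k2, k3): bytes 0-7 encrypt, 8-15 decrypt, 16-23 encrypt."""
    if len(key) != TDES_KEY_BYTES:
        raise ValueError("3des-cbc needs exactly 24 bytes of key data")
    return key[0:8], key[8:16], key[16:24]


def effective_subkey(subkey: bytes) -> int:
    """Drop the parity bit (least significant bit of each byte): 64 -> 56 bits."""
    value = 0
    for byte in subkey:
        value = (value << 7) | (byte >> 1)
    return value


def effective_key(key: bytes) -> int:
    """The 168 bits (3 * 56) that actually influence encryption."""
    value = 0
    for sub in split_3des_key(key):
        value = (value << 56) | effective_subkey(sub)
    return value


def keying_strength(key: bytes) -> str:
    """Classify a key by which subkeys coincide once parity is ignored."""
    k1, k2, k3 = (effective_subkey(s) for s in split_3des_key(key))
    if k1 == k2 or k2 == k3:
        # An adjacent encrypt/decrypt pair with the same key cancels out.
        return "single-DES equivalent (56 bits)"
    if k1 == k3:
        return "two-key 3DES (112 bits of key)"
    return "three-key 3DES (168 bits of key)"


if __name__ == "__main__":
    sample = bytes(range(0x10, 0x28))          # constructed 24-byte key
    flipped = bytes(b ^ 0x01 for b in sample)  # same key, parity bits flipped
    print(len(sample) * 8, "bits supplied")
    print("parity ignored:", effective_key(sample) == effective_key(flipped))
    print(keying_strength(sample))
```
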