From: Adam Shostack <adam@bwh.harvard.edu>
Date: Thu, 10 Aug 95 06:28:38 PDT
To: asb@nexor.co.uk (Andy Brown)
Subject: Re: Why DES in IPSEC ESP?
In-Reply-To: <Pine.SOL.3.91.950810133448.4480H-100000@eagle.nexor.co.uk>
Message-ID: <199508101327.JAA14573@bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


| I suppose this is really addressed at Perry:
| 
| Why was (single) DES chosen as the algorithm for the ESP part of IPSEC? 
| If someone's IP traffic is being monitored and collected offline by some
| agency then they're going to get about a couple of hours of security while
| the special purpose key search hardware kicks into action.  I know other
| algorithms can optionally be used, but surely it would have been better to
| have a second, stronger algorithm specified mandatory as well. 

	Since Perry is hopefully off busily implementing things, I'll
try to answer. :)

	First, DES is still pretty strong.  Try throwing Pentiums at
it.  It suffices as a fast, known to be reasonably strong, block
ethernet sniffers algorithim.

	Second, no other algotrithm is known to be well designed.  We
can trust that the NSA did a fair job in the design.  Thus, choosing a
second algorithm is a difficult, and political task.  (There are also
patent and licensing issues with other ciphers)

	So, in order to ship sooner rather than later, DES was chosen.
3DES will probably be available soon afterwards.


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume