Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How many keys are used for 3DES in PGP?

115 views
Skip to first unread message

Tom St Denis

unread,
Dec 15, 2003, 9:08:07 PM12/15/03
to

"Mxsmanic" <mxsm...@hotmail.com> wrote in message
news:vipstv0luv1tvcp9i...@4ax.com...
> Does PGP do 3DES with two keys or three keys?
>
> And what should one normally assume in discussions of 3DES if the number
> of keys is not given? What's the most common implementation?

Checking GPG it has both 2key and 3key routines. However, following
"des_get_info" to do_tripledes_setkey it uses the 3key variant.

As an aside... let's do something in /gnupg-1.2.3/cipher/

$ grep "burn_stack (int bytes)" *.c
blowfish.c:burn_stack (int bytes)
cast5.c:burn_stack (int bytes)
des.c:burn_stack (int bytes)
md5.c:burn_stack (int bytes)
random.c:burn_stack (int bytes)
rijndael.c:burn_stack (int bytes)
rmd160.c:burn_stack (int bytes)
sha1.c:burn_stack (int bytes)
sha256.c:burn_stack (int bytes)
sha512.c:burn_stack (int bytes)
tiger.c:burn_stack (int bytes)
twofish.c:burn_stack (int bytes)

That's what I call efficient coding!!! they rewrote burn_stack not once,
not twice, but 12! [count em!] 12 times!!!

That's just F'ing stupid.

> And in the case of implementations using only two keys, why don't they
> use three keys instead?

The lib provides both but the default crypto descriptor [see
/gnupg-1.2.3/cipher/cipher.c] uses 3key.

Tom


Mxsmanic

unread,
Dec 15, 2003, 9:21:11 PM12/15/03
to
Tom St Denis writes:

> That's what I call efficient coding!!! they rewrote burn_stack not once,
> not twice, but 12! [count em!] 12 times!!!
>
> That's just F'ing stupid.

Although it does prevent a compromise in one routine from affecting the
others (at least potentially).

--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.

Tom St Denis

unread,
Dec 15, 2003, 9:30:50 PM12/15/03
to

"Mxsmanic" <mxsm...@hotmail.com> wrote in message
news:goqstv0cbt940ss6a...@4ax.com...

> Tom St Denis writes:
>
> > That's what I call efficient coding!!! they rewrote burn_stack not
once,
> > not twice, but 12! [count em!] 12 times!!!
> >
> > That's just F'ing stupid.
>
> Although it does prevent a compromise in one routine from affecting the
> others (at least potentially)

Not really. In fact it does quite the opposite. By raising the # of loc
you raise the probability of an error.

I don't know why they did that but I'd think a single burn_stack function
would be ideal. At least they didn't pull an OpenSSL and write a
cbc/cfb/ofb/... for each cipher... ;-)

Tom


0 new messages