[VPN] How to calculate Key Length in DES and 3DES?
Bennett Todd
bet at rahul.net
Mon Feb 24 17:19:05 EST 2003
2003-02-23T18:25:05 Sandeep Dhadwal:
> I would like to know what is the key length in DES and 3 DES. I know
> that DES supports 56 bit and 3DES 168 bit keys. But I want to
> know how many characters we can use in both and also how to
> calculate the length of the characters.

Hmm. An odd question.

The "length of the characters", that would be 8 bits each on most
systems today, but the answer is getting a lot muzzier in some
places. 8 bits per is probably the likeliest answer.

When you are encoding crypto keys, though, there's an additional
complication; it's generally desirable to (a) allow arbitrary
combinations of bits as key data, while (b) having printable
representations (which have only about 6.5 bits per character
available at most).

If your printable representations of your keys are in hex (i.e. the
only characters that show up are 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f,
possibly with uppercase letters A-F) then you're only encoding 4
bits of key per printable character. Then a 56-bit DES key would
print up as 14 characters, and a 168-bit 3DES password would print
up as 42 characters.

If on the other hand the straight text of the printable version is
being used as a raw password for the DES or 3DES algorithm, 8 bits
per character, then you only have 7 characters for a 56-bit DES password
and 21 for a 168-bit 3DES password --- but those passwords darned
well better look like raw binary noise; if they look printable as
US-ASCII then the high-order bit is always 0, i.e. you're only using
a small fraction of the keyspace, i.e. the work-factor for breaking
your cryptosystem is dramatically dropped.

In between are representations using more than 16 (hex) characters
to encode, like uuencode and Base64.

Then there's the encoding as a series of short words, in the fashion
of S/Key; that packs as I recall 12 bits into each 2, 3, or
4-character short word, so a 56-bit DES key would be 5 words, and a
168-bit 3DES key would be 14 words.

As yet another possibility, systems where humans are expected to
enter keys for such cryptosystems often ask for a passphrase, and
then hash it with the likes of MD5 or SHA-1, and use bits from the
hash for the key. With such systems, it's wise to use _really_long_
passphrases; normal text English is commonly estimated to have on
the very rough order of about one bit of entropy per character, so
it'd be good to have a passphrase that's at least 56 characters long
for single-DES, and at least 168 characters long for 3DES. Longer is
better; doubling those wouldn't be imprudent.
-Bennett
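
The character counts in the reply above, worked through in Python as an added example (not part of the original message or of any VPN product's code). The function names are hypothetical, the sample key and passphrase are constructed, and the 12-bits-per-word figure is the one recalled in the post. The last function takes the leading bits of a hash as the key, as the post describes, and refuses when the digest is shorter than the key requested (SHA-1 gives 160 bits, fewer than the 168 a 3DES key needs).

```python
import base64
import binascii
import hashlib
import math
import secrets

PRINTABLE_ASCII = 95  # printable US-ASCII characters, 0x20..0x7e


def encoded_lengths(key_bits):
    """Characters needed to write a key of key_bits in each representation."""
    key = secrets.token_bytes(key_bits // 8)  # constructed random sample key
    return {
        "raw": len(key),                                    # 8 bits per character
        "hex": len(binascii.hexlify(key)),                  # 4 bits per character
        "base64": len(base64.b64encode(key).rstrip(b"=")),  # 6 bits per character
        "words": math.ceil(key_bits / 12),                  # 12 bits per word (post's figure)
    }


def printable_password_bits(key_bits):
    """Effective key bits when printable US-ASCII text is used as the raw key."""
    n_chars = key_bits // 8
    return n_chars * math.log2(PRINTABLE_ASCII)  # about 6.57 bits per character


def key_from_passphrase(passphrase, key_bits, hash_name="sha1"):
    """Hash a passphrase and take the leading key_bits of the digest as the key."""
    digest = hashlib.new(hash_name, passphrase.encode("utf-8")).digest()
    if len(digest) * 8 < key_bits:
        raise ValueError(f"{hash_name} yields {len(digest) * 8} bits, need {key_bits}")
    return digest[: key_bits // 8]


if __name__ == "__main__":
    for bits in (56, 168):
        print(bits, encoded_lengths(bits),
              f"printable raw key: about {printable_password_bits(bits):.1f} bits")
    # Constructed sample passphrase; far shorter than the post recommends.
    print(key_from_passphrase("a constructed sample passphrase", 56).hex())
```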