[VPN] How to calculate Key Length in DES and 3DES?

Ryan Malayter rmalayter at bai.org
Tue Feb 25 14:05:34 EST 2003


There are 95 visible characters on a US keyboard, and log2(95) = 6.55,
so there are about 6.57 bits of entropy per character. That means you
need at least 9 characters for a single-DES key, and at least 18
characters for a triple-DES key. (In most cases the strength of a
triple-DES implementation is actually 112 bits, not 168 bits, because
the best cryptanalytic attacks against triple-DES only take 2^112
operations).

This presumes, of course, that you are using TRULY random strings of
characters, not full words. If you use words, names, or other things you
can easily remember, you are getting much lower security per character.
See www.diceware.com for more information about the entropy of common
words in a password.

You can use a source like www.random.org as a source of random
characters, but I recommend using something you control physically like
dice, coin tosses, a bingo cage, whatever. Do NOT use a random number
generator built into a programming language, unless it is specifically
designed for secure number generation, like the one in GnuPG,
Microsoft's CryptoAPI, or /dev/random on Linux.

I personally use 50-character phrases, consisting only of digits 1-6, to
create all of my sensitive passwords (like VPN shared secrets). I know
they offer 128 bits of security because they were determined solely from
50 dice tosses I controlled with my own hands. For systems which require
a key in hexadecimal format, I simply hash the list of 50 dice toss
results (3215464312...) using the SHA-1 algorithm, and use the first 32
hexadecimal letters, or as many as the system can take. If the system
can't take 32 characters, I convert it using the method found at
http://malayter.com/dice2ascii.txt

Also be careful about the method by which you enter a key into a device.
You may go through all the trouble to create this massively secure key
phrase, then ruin it by sending it unencrypted across a shared network
to the browser interface of your VPN device. I generally do firewall
security configuration directly connected to the device with a crossover
cable.

Ryan Malayter
Sr. Network & Database Administrator
Bank Administration Institute
Chicago, Illinois, USA
PGP Key: http://www.malayter.com/pgp-public.txt
:::::::::::::::::::::::::::::::
Only the mediocre are at their best all the time.




-----Original Message-----
From: Sandeep Dhadwal [mailto:dhadwal_sandeepsingh at hotmail.com] 
Sent: Sunday, February 23, 2003 5:25 PM
To: vpn at lists.shmoo.com
Subject: [VPN] How to calculate Key Length in DES and 3DES?


Hi All,

I would like to know what the key length is in DES and 3 DES.  I know
that DES supports 56 bit and 3DES 168 bit keys.  But I want to know how
many characters we can use in both and also how to calculate the length
of the characters.

Regards,
Sandeep Singh Dhadwal
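
The character-count arithmetic and the dice-to-hexadecimal step described in the reply above, as an added example that is not part of the original post. The function names and the sample roll string are constructed for illustration; the hash is SHA-1 because that is the one the reply names.

```python
import hashlib
import math


def min_chars(key_bits, alphabet_size):
    """Fewest uniformly random symbols that carry at least key_bits of entropy."""
    return math.ceil(key_bits / math.log2(alphabet_size))


def dice_entropy_bits(rolls):
    """Entropy in bits of a string of fair six-sided die rolls."""
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be a non-empty string of digits 1-6")
    return len(rolls) * math.log2(6)


def dice_to_hex_key(rolls, hex_chars=32):
    """Hash the roll string with SHA-1 and keep the first hex_chars hex digits.

    Refuses to emit a key longer than the entropy that went in: truncating
    a hash never adds strength, so 128 key bits need at least 50 rolls.
    """
    if not 1 <= hex_chars <= 40:
        raise ValueError("SHA-1 yields 40 hex digits")
    if dice_entropy_bits(rolls) < 4 * hex_chars:
        raise ValueError("not enough rolls for the requested key length")
    return hashlib.sha1(rolls.encode("ascii")).hexdigest()[:hex_chars]


# Constructed sample only. Real rolls come from physical dice and are
# never stored in a script.
SAMPLE_ROLLS = "3146252614" * 5  # 50 digits

if __name__ == "__main__":
    # Characters needed from the 95 printable keyboard characters.
    for bits in (56, 112, 168):
        print(bits, "bits ->", min_chars(bits, 95), "random characters")
    print("rolls for 128 bits:", min_chars(128, 6))
    print("entropy of 50 rolls: %.1f bits" % dice_entropy_bits(SAMPLE_ROLLS))
    print("hex key:", dice_to_hex_key(SAMPLE_ROLLS))
```
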


