3DES is subject to birthday attacks: with over 32 gigabytes of data, there is about 50% chance that two 64-bit blocks have been similarly encoded; then, some information could be recovered by xoring them.
A workaround is to force a rekeying (renegotiation) much sooner. However, this adds some complexity to the implementation and it might be hard to check that this has been correctly implemented (and that it remains so over time).
As far as I know, other ciphers are not subject to this attack. In particular, AES uses 128-bit blocks, which makes the attack impossible.
The text was updated successfully, but these errors were encountered: