Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

3DES and birthday attacks #10

vouillon opened this issue Mar 3, 2014 · 1 comment

3DES and birthday attacks #10

vouillon opened this issue Mar 3, 2014 · 1 comment


Copy link

vouillon commented Mar 3, 2014

3DES is subject to birthday attacks: with over 32 gigabytes of data, there is about 50% chance that two 64-bit blocks have been similarly encoded; then, some information could be recovered by xoring them.

A workaround is to force a rekeying (renegotiation) much sooner. However, this adds some complexity to the implementation and it might be hard to check that this has been correctly implemented (and that it remains so over time).

As far as I know, other ciphers are not subject to this attack. In particular, AES uses 128-bit blocks, which makes the attack impossible.


Copy link

hannesm commented Dec 23, 2017

since the 0.9.0 release, 3DES is disabled by default, unclear when/how to remove the 3DES code entirely.

the library-initiated renegotiation after n bytes is at the moment out of scope.

@hannesm hannesm closed this as completed Dec 23, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

No branches or pull requests

2 participants