[Top] [All Lists]

Re: AES/SHA1/Must/Should

2005-04-15 10:39:36

On 13 Apr 2005, at 2:51 PM, David Shaw wrote:

There are too many years and too many implementations where 3DES is
the algorithm of last resort, and changing 3DES to a SHOULD
necessitates a different algorithm of last resort.  We cannot change
that overnight.

By all means, add some new MUSTs to start the algorithm changing
process, but 3DES needs to stay as MUST as well for a good long time.

I understand how you feel. I feel the same way. However, I have a question to ask:

When? How long is "a good long time"? Forever?

The counter-argument is that there is no better time than now. The reasons to keep 3DES there only get stronger as time goes on. This problem becomes worse with time, not better.