pem-dev

Re: DES EDE vs. EEE

1993-05-21 10:29:00
Date:  Fri, 21 May 93 12:37 EDT
From: TCJones(_at_)DOCKMASTER(_dot_)NCSC(_dot_)MIL
Subject:  DES EDE vs. EEE
Message-Id:  <930521163713(_dot_)070100(_at_)DOCKMASTER(_dot_)NCSC(_dot_)MIL>


> The Banking Industry (ABA & ANSI X9) do use EDE2 as a standard for key
> distribution.  If you decide to use EDE3, please write the standard such
> that 112 bits only must be securely chosen, then the EDE2 will satisfy
> the EDE3 proposal.

I don't understand this request.  Could you be specific?  EDE2 is clearly a
subset of EDE3.  If one user had EDE2 hardware and was talking to an EDE3
user, the EDE2 user could send (k1,k2,k1) as the key.  However, the EDE3
user would still send (k1,k2,k3).

Is that OK?

If not, aren't you asking for an EDE2 option as well as (or instead of) the
EDE3 option?

> Our company is writing an API which supports EDE2
> and not EDE3.  Also chips are now available which do EDE encryption
> directly, so EEE is not a viable commercial option.  If anyone here
> cares about commercial products, they will opt for EDE2 over EDE3.

Are you suggesting that someone may want to use those EDE chips rather
than software DES for PEM?

> As I have stated before, most standards in business and banking insist
> that the IV be sent encrypted.

Bravo.

What does any standard say about the number of IVs for chained DES
(EDE2 or EDE3)?

 - Carl
