Re: Why is 3DES favoured over AES?

Am 18.05.2011 10:57, schrieb Francois Grieu:
On 18/05/2011 10:10, Mok-Kong Shen wrote:

3DES seems to be favoured over AES in certain practical use today, e.g.
in VISA. Why is this so?

1) Inertia rules the universe.

2) The above rule applies especially when there is no visible benefit to
change, when change is costly, or when in the banking domain; all of
this apply in the case of VISA. In particular, I know no foreseeable
weakness attributable to 3DES in the context of banking, even when
restricted to 112-bit keys.

3) Implementation of 3DES with countermeasures against side-channel
attacks is well studied, and available in hardware (thus faster than AES
in software) on virtually all Smart Card microprocessors, including
those costing a fraction of an euro used in bank Smart Cards, and have
common-criteria evaluation to EAL4+ or better. This is not yet as
common/cheap with AES.

3) may be a good point, I don't know.
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf says however 3DES (with 2 keys) has only
80-bit of security.

Could someone explain why it is that expensive to switch over to AES?
One could easily, I surmise, have a transition period where both
systems are available. What are exactly so costly in hindering the
introduction of a better system, hardware, software, humanware?#
(Or was the goal of AES not achieved??)

M. K. Shen

.

Relevant Pages

  • Re: Why is 3DES favoured over AES?
    ... The above rule applies especially when there is no visible benefit to change, when change is costly, or when in the banking domain; all of this apply in the case of VISA. ... Implementation of 3DES with countermeasures against side-channel attacks is well studied, and available in hardware (thus faster than AES in software) on virtually all Smart Card microprocessors, including those costing a fraction of an euro used in bank Smart Cards, and have common-criteria evaluation to EAL4+ or better. ...
    (sci.crypt)
  • Re: Why is 3DES favoured over AES?
    ... change, when change is costly, or when in the banking domain; ... this apply in the case of VISA. ... and available in hardware (thus faster than AES ... and now that their protocol is in 100 ...
    (sci.crypt)
  • Re: Why is 3DES favoured over AES?
    ... change, when change is costly, or when in the banking domain; ... this apply in the case of VISA. ... and available in hardware (thus faster than AES ... It is tiny in memory. ...
    (sci.crypt)
  • Re: Sorry for the uninteresting (AES) question.
    ... Microchip removed the source code for AN953 and the wayback machine ... and a smart card Smart cards are very fast at AES ... more serious problem than the merits of any algorithm. ... economic sense and adding a smart card does not solve any problem. ...
    (sci.crypt)
  • Re: Sorry for the uninteresting (AES) question.
    ... Microchip removed the source code for AN953 and the wayback machine ... and a smart card Smart cards are very fast at AES ... The most common use for these things will be as embedded controllers in ... economic sense and adding a smart card does not solve any problem. ...
    (sci.crypt)