Re: Why is 3DES favoured over AES?
- From: Mok-Kong Shen <mok-kong.shen@xxxxxxxxxxx>
- Date: Wed, 18 May 2011 12:06:52 +0200
Am 18.05.2011 10:57, schrieb Francois Grieu:
On 18/05/2011 10:10, Mok-Kong Shen wrote:
3DES seems to be favoured over AES in certain practical use today, e.g.
in VISA. Why is this so?
1) Inertia rules the universe.
2) The above rule applies especially when there is no visible benefit to
change, when change is costly, or when in the banking domain; all of
this apply in the case of VISA. In particular, I know no foreseeable
weakness attributable to 3DES in the context of banking, even when
restricted to 112-bit keys.
3) Implementation of 3DES with countermeasures against side-channel
attacks is well studied, and available in hardware (thus faster than AES
in software) on virtually all Smart Card microprocessors, including
those costing a fraction of an euro used in bank Smart Cards, and have
common-criteria evaluation to EAL4+ or better. This is not yet as
common/cheap with AES.
3) may be a good point, I don't know.
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf says however 3DES (with 2 keys) has only
80-bit of security.
Could someone explain why it is that expensive to switch over to AES?
One could easily, I surmise, have a transition period where both
systems are available. What are exactly so costly in hindering the
introduction of a better system, hardware, software, humanware?#
(Or was the goal of AES not achieved??)
M. K. Shen
- Prev by Date: Re: Why is 3DES favoured over AES?
- Next by Date: Re: Psuedo breaking the DLOG problem
- Previous by thread: Re: Why is 3DES favoured over AES?
- Next by thread: Re: Why is 3DES favoured over AES?