| 1 |
hi, |
| 2 |
|
| 3 |
> easy explanation of cipher strengths so that I could answer questions |
| 4 |
> like 'how strong 3DES is' to novice users. Most results I could find are |
| 5 |
> too technical / mathematical. I want very simple explanation like this: |
| 6 |
> |
| 7 |
> 128 bit IDEA is very strong cipher. Normally, take a piece of encrypted |
| 8 |
|
| 9 |
3DES and IDEA are very strong ciphers |
| 10 |
unless you are a terrorist, or you have discovered a secret of perpetum |
| 11 |
mobile (or at least cheap way of doing |
| 12 |
hydrogen fusion on a mass scale), noone is going to invest the money |
| 13 |
required to break your 3DES/IDEA |
| 14 |
encryption keys |
| 15 |
|
| 16 |
on the tech side, 3DES/IDEA are symmetric ciphers, usually accompanied |
| 17 |
by asymmetric ciphers responsible for |
| 18 |
exchange of encryption keys (for 3DES/IDEA) - yet another cipher to take |
| 19 |
into considerations |
| 20 |
there are some hardware devices able to (tremendously) speed up breaking |
| 21 |
of asymmetric ciphers like RSA/DSA, |
| 22 |
so this can be a shortcut to get your message decrypted |
| 23 |
(and of course, don't forget known plaintext attacks - or even key |
| 24 |
loggers for that matter), if your users are using |
| 25 |
windows, they have much much bigger problem there and should not be |
| 26 |
concerned by cryptographic strength of |
| 27 |
3DES/IDEA (even ROT13 can be more secure then windows on your desktop) |
| 28 |
|
| 29 |
> Another question: technically, how does IDEA compare to 3DES on cipher |
| 30 |
> strength and CPU usage? Is 3DES more safer than IDEA and cost more CPU |
| 31 |
> time? |
| 32 |
|
| 33 |
both are enough secure ciphers with respect to current state of |
| 34 |
cryptanalysis |
| 35 |
if you want to develop your own app, you may prefer 3DES because IDEA is |
| 36 |
patented (AFAIK) |
| 37 |
on the other side, IDEA is faster (current implementation of IDEA are |
| 38 |
approx twice as fast as DES implementations) |
| 39 |
|
| 40 |
at the end of the day, it is not important for users, they are |
| 41 |
threatening their own security by clicking on every .exe |
| 42 |
attachment they get |
| 43 |
but of course, no user wants to hear that HE is the weak link in the chain |
| 44 |
|
| 45 |
regards, |
| 46 |
martin |
Archives