Bug 75131 - more typos in security guide
more typos in security guide
Product: Red Hat Linux
Classification: Retired
Component: rhl-sg (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: John Ha
Tammy Fox
Depends On:
  Show dependency treegraph
Reported: 2002-10-04 14:18 EDT by Tom Wood
Modified: 2014-08-04 18:14 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-10-04 18:03:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tom Wood 2002-10-04 14:18:04 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Description of problem:
Incorrect statement about 3DES being 192 bit encryption.  3DES is 168 bits (56
bit DES x 3)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Load RHL security guide.
2.Read the security section.
3.Be amazed at the additional 24 bits of security RH 3DES gives you ;-)

Additional info:

Chapter 6, fourth paragraph is where this is referenced.  Also, "cipher" is the
preferred spelling over "cypher".  

Also, bugzilla references this package in the description as "Official RHL
Reference Guide".  Shouldn't this be "Official RHL Security Guide"?
Comment 1 Tom Wood 2002-10-04 14:35:25 EDT
Another problem, this time in /usr/share/doc/rhl-sg-en-8.0/figs/vpn/cipe1.png 
It's generally considered poor taste to use someone's network addresses in
examples.  The nice thing to do is to use the private network addresses (RFC
1918) for your examples.
Comment 2 John Ha 2002-10-04 18:32:56 EDT
Point by point:

1) You are correct. It should have been noted that the 192 bits is derived from
the subkey bits along with the additional parity bits, and that the effective
strength is actually only 56 x 3 = 168 as you noted. The passage will be amended
to 168.

2) I have always understood it to be 'cypher', but if conventional spelling is
'cipher', then the Guide should stick with convention as to avoid confusion.

3) In the diagram you mentioned, the attempt was to illustrate that the computer
was remote and had a publicly routable IP address along with its CIPE address. I
will amend it to say "remote.example.net" instead, as that is generally accepted
according to RFC 2606. 

Thank you very much for sharing your observations. Our next version is sure to
be better with reader feedback.

Thanks again.
Comment 3 Miloslav Trmac 2002-10-05 15:45:50 EDT
BTW, the real *effective* strength of 3DES is only 112 bits
because you can do a meet-in-the-middle attack if you have a
plaintext/cyphertext pair (you brute-force 56 bits of the first key by
encrypting the plaintext
and you brute-force 112 bits of the 2nd and 3rd key by decrypting the
cyphertext. From the first step, you get 2^56 (65536 TB * data size ;-)
samples, and if some of the results from the 2nd step matches, you
know all three keys used.

This is why 2DES is not used, breaking it takes only twice the time
of simple DES.

I'm not sure whether you want to bother the readers with this though ;-)

Note You need to log in before you can comment on or make changes to this bug.