Function: nsm-protocol-check--3des-cipher

nsm-protocol-check--3des-cipher is a byte-compiled function defined in nsm.el.gz.

Signature

(nsm-protocol-check--3des-cipher HOST PORT STATUS &optional SETTINGS)

Documentation

Check for 3DES ciphers.

Due to its use of 64-bit block size, it is known that a ciphertext collision is highly likely when 2^32 blocks are encrypted with the same key bundle under 3-key 3DES. Practical birthday attacks of this kind have been demonstrated by Sweet32[1]. As such, NIST is in the process of disallowing its use in TLS[2].

[1]: Bhargavan, Leurent (2016). "On the Practical (In-)Security of
64-bit Block Ciphers — Collision Attacks on HTTP over TLS and
OpenVPN", https://sweet32.info/
[2]: NIST Information Technology Laboratory (Jul 2017). "Update to
Current Use and Deprecation of TDEA", https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defun nsm-protocol-check--3des-cipher (_host _port status &optional _settings)
  "Check for 3DES ciphers.

Due to its use of 64-bit block size, it is known that a
ciphertext collision is highly likely when 2^32 blocks are
encrypted with the same key bundle under 3-key 3DES.  Practical
birthday attacks of this kind have been demonstrated by Sweet32[1].
As such, NIST is in the process of disallowing its use in TLS[2].

[1]: Bhargavan, Leurent (2016).  \"On the Practical (In-)Security of
64-bit Block Ciphers — Collision Attacks on HTTP over TLS and
OpenVPN\", `https://sweet32.info/'
[2]: NIST Information Technology Laboratory (Jul 2017).  \"Update to
Current Use and Deprecation of TDEA\",
`https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA'"
  (let ((cipher (plist-get status :cipher)))
    (and (string-match "\\b3DES\\b" cipher)
         (format-message
          "3DES cipher (%s) is weak"
          cipher))))