[10371] in cryptography@c2.net mail archive
Re: Losing the Code War by Stephen Budiansky
daemon@ATHENA.MIT.EDU (Joshua Hill)
Mon Feb 4 12:45:24 2002
Date: Mon, 4 Feb 2002 09:38:16 -0800
From: Joshua Hill <josh@untruth.org>
To: "Trei, Peter" <ptrei@rsasecurity.com>
Cc: marius <marius.corbu@analog.com>,
'Ben Laurie' <ben@algroup.co.uk>, cryptography@wasabisystems.com
Message-ID: <20020204093816.A12537@delusion.private.untruth.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F504A8CEE925D411AF4A00508B8BE90A01E90C03@exna07.securitydynamics.com>; from ptrei@rsasecurity.com on Mon, Feb 04, 2002 at 11:00:27AM -0500
marius wrote:
> Not quite true. Encrypting each message twice would not increase the
> "effective" key size to 112 bits.
> There is an attack named "meet in the middle" which will make the
> effective key size to be just 63 bits.
Peter Trei wrote:
> Don't forget that the MITM attack (which Schneier claims
> takes 2^(2n) = 2^112 time), also requires 2^56 blocks
> of storage.
[...]
> I don't lose sleep over MITM attacks on 3DES.
Unless I'm mistaken, the 2^63 operation MITM attack referenced in the
original message referred to Double-DES, not Triple-DES. The original
cited value of 2^63 is incorrect; the Double-DES MITM attack (as proposed
by Merkle and Hellman) is a known plaintext attack that takes 2^57
operations, with 2^56 blocks of storage.
Your provided values are correct for attacking Triple-DES, but I don't
think that's what the original author was referring to.
Josh
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
