[19422] in bugtraq
Re: Nortel CES (3DES version) offers false sense of security when
daemon@ATHENA.MIT.EDU (Valdis Kletnieks)
Wed Feb 28 10:53:14 2001
Message-ID: <200102281436.f1SEaRe22681@foo-bar-baz.cc.vt.edu>
Date: Wed, 28 Feb 2001 09:36:27 -0500
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
X-To: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Tue, 27 Feb 2001 23:38:13 +0100."
<200102272238.XAA24442@cave.bitwizard.nl>
On Tue, 27 Feb 2001 23:38:13 +0100, Rogier Wolff <R.E.Wolff@BITWIZARD.NL> said:
> Still, I remember that using triple-DES with three keys only had a
> complexity on the order of 2^112. No matter what you tried.
>
> Sure you can design super-duper-crypto scheme that uses a gigantic
> key, but as long as the resulting crypto only has 2^56 complexity to
> break, it doesn't have any real advantages over, say, DES.
>
> Anyway, I can't quickly find any hard online references to back this
> up.
I seem to remember Schneier's "Applied Cryptography" discussing this. In any
case, the reason that triple-DES is limited to an *effective* 112 bits
of key is that DES is a "group". To sum up multiple pages of math, this
ends up meaning that although there may be 168 bits of keying material,
there's "duplicate" keys (instead of 2^168 different keys, you actually
have 2^112 groups of 2^56 equivalent keys).
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
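
The "groups of equivalent keys" idea in the reply above can be counted exhaustively on a toy cipher. This added example is not part of the original message: both 4-bit ciphers and the `SBOX` table are constructed for illustration, and nothing here measures DES itself.

```python
import math
from collections import Counter
from itertools import product

BITS = 4                      # toy block and key size, so 2^12 key triples
KEYS = BLOCKS = range(1 << BITS)
# Constructed for this example: a fixed, non-linear permutation of 0..15.
SBOX = (0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2)

def xor_cipher(key, block):
    """Toy cipher that IS closed under composition: E_a(E_b(x)) == E_{a^b}(x)."""
    return block ^ key

def sbox_cipher(key, block):
    """Toy cipher that is not closed under composition (key mix, then S-box)."""
    return SBOX[block ^ key]

def triple_key_classes(encrypt):
    """Group all (k1, k2, k3) triples by the permutation that
    E_k3(E_k2(E_k1(x))) induces on the block space.
    Returns Counter: permutation -> number of equivalent key triples."""
    classes = Counter()
    for k1, k2, k3 in product(KEYS, repeat=3):
        perm = tuple(encrypt(k3, encrypt(k2, encrypt(k1, x))) for x in BLOCKS)
        classes[perm] += 1
    return classes

def effective_key_bits(encrypt):
    """log2 of the number of distinct mappings reachable with three keys."""
    return math.log2(len(triple_key_classes(encrypt)))

if __name__ == "__main__":
    for name, cipher in (("xor", xor_cipher), ("sbox", sbox_cipher)):
        classes = triple_key_classes(cipher)
        print(f"{name}: {3 * BITS} key bits supplied, "
              f"{len(classes)} distinct mappings, "
              f"{effective_key_bits(cipher):.2f} effective bits, "
              f"largest class {max(classes.values())} triples")
```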