[19438] in bugtraq
Re: Nortel CES (3DES version) offers false sense of security when
daemon@ATHENA.MIT.EDU (Jack Lloyd)
Wed Feb 28 18:05:32 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.21.0102281308380.20206-100000@chimera.acm.jhu.edu>
Date: Wed, 28 Feb 2001 13:14:32 -0500
Reply-To: Jack Lloyd <lloyd@ACM.JHU.EDU>
From: Jack Lloyd <lloyd@ACM.JHU.EDU>
X-To: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200102281406.PAA11155@cave.bitwizard.nl>

> Similarly: 3DES isn't stronger than 112 bits. I'm not claiming that
> 3DES is weaker than 112 bits. I claim that some smart people found
> that cracking 3DES requires only on the order of 2^112 operations,

2^112 operations, given 2^56 blocks of memory. Since DES has an 8-byte
block, that's 512 petabytes. That's a lot of memory, at least in my book.

> and that keying 3DES with 112 bits of significant key was possible, and
> that therefore it is useless to use 3DES with more than 112 bits of
> key.
>
> Why is DES keyed with 56 bits, and not 64? Nobody seemed to know until
> a few years ago someone showed that keyed with 56 or 64 bits,
> cryptanalysis of DES requires 2^56 operations. The same should be done
> with 3DES: If cryptanalysis can be done in 2^112 operations, it should
> be keyed with 112 bits, and not with an arbitrarily higher number.

3DES keyed with 112 bits of key can be broken with 2^56 operations and
2^56 memory, which is much easier than the 2^112 operations and 2^56
memory that is required to break 3DES with a 168-bit key.

Jack
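
Added example, not part of the original message: the time/memory trade-off from the first reply (2^112 operations given 2^56 blocks of memory for three-key 3DES), shown as a meet-in-the-middle search scaled down to a toy cipher. The 8-bit-key Feistel cipher, the key and the plaintexts are constructed for illustration; with k-bit keys the search runs 2^(2k) iterations against a table of 2^k stored values, which for k = 56 gives the figures quoted above.

```python
"""Meet-in-the-middle key search against three-key EDE on a toy cipher."""
KEY_BITS = 8  # assumed toy key size; DES uses 56-bit keys

def _f(half, key, rnd):
    # Toy round function (constructed); a Feistel network inverts for any F.
    x = (half ^ key ^ (rnd * 0x3B)) & 0xFF
    return ((x * 167 + 13) ^ (x >> 3)) & 0xFF

def enc(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def dec(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def ede3(k1, k2, k3, p):
    # Same encrypt-decrypt-encrypt composition 3DES uses.
    return enc(k3, dec(k2, enc(k1, p)))

def mitm(pairs):
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}  # memory: one entry per k1, i.e. 2^KEY_BITS stored values
    for k1 in range(1 << KEY_BITS):
        table.setdefault(enc(k1, p0), []).append(k1)
    ops, found = 0, []
    for k2 in range(1 << KEY_BITS):      # time: 2^(2*KEY_BITS) iterations
        for k3 in range(1 << KEY_BITS):
            ops += 1
            mid = enc(k2, dec(k3, c0))   # undo the outer two stages
            for k1 in table.get(mid, ()):
                # Confirm candidates on the remaining known pairs.
                if all(ede3(k1, k2, k3, p) == c for p, c in rest):
                    found.append((k1, k2, k3))
    stored = sum(len(v) for v in table.values())
    return found, ops, stored

def demo():
    key = (0x3C, 0xA7, 0x5E)  # constructed secret key
    pairs = [(p, ede3(*key, p)) for p in (0x0123, 0x4567, 0x89AB)]
    found, ops, stored = mitm(pairs)
    return key, found, ops, stored

if __name__ == "__main__":
    key, found, ops, stored = demo()
    print(f"key in candidates: {key in found}; ops={ops}; stored={stored}")
```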