[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-crypto
Subject:    Re: (AES) loopback crypto questions
From:       "Michael H. Warfield" <mhw () wittsend ! com>
Date:       2001-07-12 1:44:08
[Download RAW message or body]

On Wed, Jul 11, 2001 at 05:30:31PM -0400, Henry Spencer wrote:
> On Wed, 11 Jul 2001, Michael H. Warfield wrote:
> > ...A "double DES"
> > would only have the equivalent strength of roughly 57 bits (for two
> > rounds of 56 bit DES) where as 3-DES defeats the meet in the middle
> > attack resulting in 112 bit strenght for EDE two key mode or 168 bits
> > where all three keys are independent.

> Small correction:  it's 112 bits either way.  Even with three independent
> keys, a meet-in-the-middle attack remains possible, but one side of the
> attack has to deal with a pair of DES keys rather than just one.  The
> difference between 56 and 112 is between costs of the order $100k and
> costs that even NSA (probably) can't afford. 

	Welll....  As long as we are picking nits, that's roughly 113
bits due to the double encryption to perform the meet in the middle
attack.  That, plus the massive amount of memory required...  But we
are picking nits...  :-)  I think we both made the point about the double
encryption.  :-)

>                                                           Henry Spencer
>                                                        henry@spsystems.net

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

[prev in list] [next in list] [prev in thread] [next in thread]