[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-crypto
Subject:    Re: (AES) loopback crypto questions
From:       Dale Amon <amon () vnl ! com>
Date:       2001-07-12 12:25:57
[Download RAW message or body]

On Thu, Jul 12, 2001 at 07:53:29AM -0400, Michael H. Warfield wrote:
> 	Most of them don't lose bits but, if you have a known plaintext
> situation, you have a condition for a "meet in the middle" attack where
> you attack the crypto system from both ends, encrypting the plaintext
> with K2 and decrypting with K1 searching for matching results in the
> middle.  Bruce Schneier covers this attack in "Applied Cryptography"

One of those "must have books". I've heard about it for years. Maybe I
should wander the Dublin bookshops this weekend :-)

> in discussing 3-DES and why a double application of DES is not significantly
> stronger than a single application.  With enough memory, you effectively
> only gain one bit of strength (you double the difficulty of busting it)
> over the single encryption.
> 
> 	So your example of:
> 
>  	y = f(k1,f(k2,x))
> 
> 	Where k1 and k2 are two independent keys of length (n).
> 
> 	Is only roughly equivalent to:
> 
> 	y = f(Ka,x)
> 
> 	Where ka is a key of length (n+1), not (2*n).

So I was not really wrong in suggesting in my original
post that for a given keysize, applied twice,

	128 <= effective keysize <= 256

or better stated

	n <= eks <= 2n

It's just that the results fall at the bottom end.

-- 
------------------------------------------------------
Use Linux: A computer        Dale Amon, CEO/MD
is a terrible thing          Village Networking Ltd
to waste.                    Belfast, Northern Ireland
------------------------------------------------------

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

[prev in list] [next in list] [prev in thread] [next in thread]