List: linux-crypto
Subject: Re: (AES) loopback crypto questions
From: Dale Amon <amon () vnl ! com>
Date: 2001-07-12 12:25:57
On Thu, Jul 12, 2001 at 07:53:29AM -0400, Michael H. Warfield wrote:
> Most of them don't lose bits but, if you have a known plaintext
> situation, you have a condition for a "meet in the middle" attack where
> you attack the crypto system from both ends, encrypting the plaintext
> with K2 and decrypting with K1 searching for matching results in the
> middle. Bruce Schneier covers this attack in "Applied Cryptography"

One of those "must have books". I've heard about it for years. Maybe I
should wander the Dublin bookshops this weekend :-)

> in discussing 3-DES and why a double application of DES is not significantly
> stronger than a single application. With enough memory, you effectively
> only gain one bit of strength (you double the difficulty of busting it)
> over the single encryption.
>
> So your example of:
>
> y = f(k1,f(k2,x))
>
> Where k1 and k2 are two independent keys of length (n).
>
> Is only roughly equivalent to:
>
> y = f(Ka,x)
>
> Where ka is a key of length (n+1), not (2*n).

So I was not really wrong in suggesting in my original
post that for a given keysize, applied twice,

    128 <= effective keysize <= 256

or better stated

    n <= eks <= 2n

It's just that the results fall at the bottom end.

--
------------------------------------------------------
Use Linux: A computer                Dale Amon, CEO/MD
is a terrible thing             Village Networking Ltd
to waste.                    Belfast, Northern Ireland
------------------------------------------------------
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
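
The meet-in-the-middle search discussed in this message, as an added example that is not part of the original thread. The 16-bit Feistel cipher, its round function, the 10-bit key size and the sample keys and plaintexts are all constructed stand-ins for f(k, x), chosen so the n+1 versus 2n cost can be measured directly.

```python
# Toy 16-bit Feistel cipher with a 10-bit key, constructed for this example.
# It has no security value; it only stands in for f(k, x) in the thread.
KEY_BITS = 10

def _round(half, k, i):
    return ((half * 167 + k * 29 + i * 101) ^ (k >> 3)) & 0xFF

def encrypt(k, block):
    l, r = block >> 8, block & 0xFF
    for i in range(4):
        l, r = r, l ^ _round(r, k, i)
    return (l << 8) | r

def decrypt(k, block):
    l, r = block >> 8, block & 0xFF
    for i in reversed(range(4)):
        l, r = r ^ _round(l, k, i), l
    return (l << 8) | r

def double_encrypt(k1, k2, x):
    """y = f(k1, f(k2, x)), the construction quoted in the thread."""
    return encrypt(k1, encrypt(k2, x))

def meet_in_the_middle(pairs):
    """Return (candidate (k1, k2) list, cipher operations spent searching)."""
    (x0, y0), rest = pairs[0], pairs[1:]
    ops = 0
    middle = {}                      # f(k2, x0) -> every k2 producing it
    for k2 in range(1 << KEY_BITS):
        middle.setdefault(encrypt(k2, x0), []).append(k2)
        ops += 1
    hits = []
    for k1 in range(1 << KEY_BITS):
        ops += 1
        for k2 in middle.get(decrypt(k1, y0), ()):
            # Extra known pairs weed out accidental matches in the middle.
            if all(double_encrypt(k1, k2, x) == y for x, y in rest):
                hits.append((k1, k2))
    return hits, ops

K1, K2 = 0x2A7, 0x13C                # constructed sample keys
PAIRS = [(x, double_encrypt(K1, K2, x)) for x in (0x0000, 0x1234, 0xBEEF)]

if __name__ == "__main__":
    hits, ops = meet_in_the_middle(PAIRS)
    print(f"hits={hits} ops={ops} (2^{KEY_BITS + 1}); "
          f"exhaustive pair search would need up to {1 << 2 * KEY_BITS}")
```

The search spends 2^(n+1) cipher operations instead of 2^(2n), at the price of a table with 2^n entries, which is the "with enough memory" condition in the quoted text.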