[10419] in cryptography@c2.net mail archive
Re: Losing the Code War by Stephen Budiansky
daemon@ATHENA.MIT.EDU (marius)
Thu Feb 7 14:23:44 2002
Message-ID: <3C61CC21.D515A99@analog.com>
Date: Wed, 06 Feb 2002 16:36:49 -0800
From: marius <marius.corbu@analog.com>
MIME-Version: 1.0
To: Joshua Hill <josh@untruth.org>
Cc: "Trei, Peter" <ptrei@rsasecurity.com>,
"'Ben Laurie'" <ben@algroup.co.uk>, cryptography@wasabisystems.com
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 7bit
Joshua Hill wrote:
>
> marius wrote:
> > Not quite true. Encrypting each message twice would not increase the
> > "effective" key size to 112 bits.
> > There is an attack named "meet in the middle" which will make the
> > effective key size to be just 63 bits.
>
> Peter Trei wrote:
> > Don't forget that the MITM attack (which Schneier claims
> > takes 2^(2n) = 2^112 time), also requires 2^56 blocks
> > of storage.
> [...]
> > I don't lose sleep over MITM attacks on 3DES.
>
> Unless I'm mistaken, the 2^63 operation MITM attack referenced in the
> original message referred to Double-DES, not Triple-DES. The original
> cited value of 2^63 is incorrect; the Double-DES MITM attack (as proposed
> by Merkle and Hellman) is a known plaintext attack that takes 2^57
> operations, with 2^56 blocks of storage.
>
> Your provided values are correct for attacking Triple-DES, but I don't
> think that's what the original author was referring to.
>
> Josh
2^57 operations, with 2^56 blocks of storage manipulation can be
approximated to: 2^56 * log(2^56) + 2^56 * log(2^56) = 2^62 + 2^62 =
2^63
Betting on storage as a show stopper is not a good idea, regardless of
sleep pattern.
Marius
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
