[Cryptography] Strength of 3DES?
Jon Callas
jon at callas.org
Tue Aug 30 14:36:56 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> On Aug 30, 2016, at 7:21 AM, Scott G. Kelly <scott at hyperthought.com> wrote:
>
> On Tuesday, August 30, 2016 1:54am, "Richard Outerbridge" <outer at interlog.com> said:
>
>> But there have been persistent rumours that the actual
>> strength of 3DES is 108 bits. Anyone have a citable
>> source for that claim? Even allowing one bit for the
>> self-similar reflection property?
>> __outer
>>
>
> Lucks, S., "Attacking Triple Encryption", 1998.
> http://dl.acm.org/citation.cfm?id=740888
>
Many statements about the strength or weaknesses of crypto need little asterisk footnotes on the bald statement, because there are other assumptions.
When you cite Stefan, though, remember that his attack needs 2^56 memory.
It's far more important to note that all 64-bit block ciphers are threatened with 2^32 memory. Long before you get enough memory to lower the key grinding, you can pry the thing apart with birthday attacks, key be damned. It doesn't matter how big the key is, there's an underlying weakness in the data representation.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.3.0 (Build 9060)
Charset: us-ascii
wsBVAwUBV8XSSvaTaG6hZJn9AQh89Qf9GEe6hH9hEnSIgiteyiCjdGqXIfX9uPaG
k2IWP5kyc+jMOJB0vJQHwFlb83CnAqzkqLzNvQ42yXm0NSiXRDzMTeqrzl2Gyubv
XmTeYJU7LZHbmQfABpq3w3RppqkmXkoqRUVZbdfYLevu+ieUUgxzpm+pP/a+fdD3
1rPEPKfBmMb0EOJCQ2aSvBx62NE+CZW+tx3lJQKDDxYpWzFo58ZZopQGaZdXMqPJ
ne1cS5RiSSZr+483ndzDX2AW6S4q2ZPJWZFiGNjpNx2eKcxiOaoOaq8IcuZtOJhO
+68u9yhBi4nEEU6JDr0z/TIR3AAiWsStxk9pBLCwdBAeY/3Y/uGzIA==
=S3bE
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list