Losing the Code War by Stephen Budiansky
Amir Herzberg
amir at beesites.co.il
Sun Feb 3 02:24:44 EST 2002
Ben wrote:
> marius wrote:
...
> > Not quite true. Encrypting each message twice would not increase the
> > "effective" key size to 112 bits.
> > There is an attack named "meet in the middle" which will make the
> > effective key size to be just 63 bits.
>
> ?? 56 bits "plus a little", surely.
The `meet in the middle` attack works against double encryption; that's
why Triple DES is performing three DES operations with two keys. There
are some attacks also against using three encryptions with two keys and
against Triple DES (encryption-decryption-encryption). But the attacks I
know require huge amounts of chosen plaintext or known plaintext. In
particular with t known plaintext-ciphertext pairs, the known attack on
triple-DES requires 2^120-log(t) operations. I think most applications
can limit the amount of known plaintexts to a million; this means the
complexity of attacking triple-DES is at least 2^100, which is probably
sufficiently secure for most applications.
Of course, using three different keys for the three DES operations (in
triple DES or simply in triple encryptions by DES) is expected to
considerably improve security.
I think the edge of AES is mostly when improved performance (esp. in
software) is needed.
Cheers,
Amir Herzberg
See http://amir.beesites.co.il/book.html for lectures and notes (draft
of chapters) on `secure communication and commerce using cryptography`;
feedback welcome!
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list