Losing the Code War by Stephen Budiansky

Trei, Peter ptrei at rsasecurity.com
Mon Feb 4 11:00:27 EST 2002


I read the article (in the dead tree edition), and despite it's
technical inaccuracies, thought it was generally 
pretty good.

Don't forget that the MITM attack (which Schneier claims
takes 2^(2n) = 2^112 time), also requires 2^56 blocks
of storage. That's a lot, and the attack ceases to be
parallelizable, unlike the straight brute-force attack.
In fact, it's utterly intractable at the moment. Here's
why:

2^56 bytes = 72 petabytes, and
I suspect you'd need 8 bytes per entry, or 
about 1/2 an exabyte. 

By contrast, all of morpheus is currently less than 
half of one petabyte. Google indexes about 3 billion
documents + 700 million usenet postings. At a
an estimated 100kb per item, that's roughly
the same as morpheus. 

I don't lose sleep over MITM attacks on 3DES.

Peter Trei

> ----------
> From: 	Ben Laurie[SMTP:ben at algroup.co.uk]
> Sent: 	Saturday, February 02, 2002 8:57 AM
> To: 	marius
> Cc: 	cryptography at wasabisystems.com
> Subject: 	Re: Losing the Code War by Stephen Budiansky
> 
> marius wrote:
> > 
> > "But there was an utterly trivial fix that DES users could employ if
> > they were worried
> > about security: they could simply encrypt each message twice, turning
> > 56-bit DES into 112-bit DES, and squaring the number of key sequences
> > that
> > a code breaker would have to try. Messages could even be encrypted
> > thrice;
> > and, indeed, many financial institutions at the time were already using
> > "Triple DES." "
> > 
> > Not quite true. Encrypting each message twice would not increase the
> > "effective" key size to 112 bits.
> > There is an attack named "meet in the middle" which will make the
> > effective key size to be just 63 bits.
> 
> ?? 56 bits "plus a little", surely.
> 
> Cheers,
> 
> Ben.
> 
> --
> http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
> 
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
> 
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at wasabisystems.com
> 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list