Losing the Code War by Stephen Budiansky
Trei, Peter
ptrei at rsasecurity.com
Mon Feb 4 11:00:27 EST 2002
I read the article (in the dead tree edition), and despite its
technical inaccuracies, thought it was generally
pretty good.
Don't forget that the MITM attack (which Schneier claims
takes 2^(2n) = 2^112 time), also requires 2^56 blocks
of storage. That's a lot, and the attack ceases to be
parallelizable, unlike the straight brute-force attack.
In fact, it's utterly intractable at the moment. Here's
why:
2^56 bytes = 72 petabytes, and
I suspect you'd need 8 bytes per entry, or
about 1/2 an exabyte.
By contrast, all of morpheus is currently less than
half of one petabyte. Google indexes about 3 billion
documents + 700 million usenet postings. At
an estimated 100kb per item, that's roughly
the same as morpheus.
I don't lose sleep over MITM attacks on 3DES.
Peter Trei
> ----------
> From: Ben Laurie[SMTP:ben at algroup.co.uk]
> Sent: Saturday, February 02, 2002 8:57 AM
> To: marius
> Cc: cryptography at wasabisystems.com
> Subject: Re: Losing the Code War by Stephen Budiansky
>
> marius wrote:
> >
> > "But there was an utterly trivial fix that DES users could employ if
> > they were worried
> > about security: they could simply encrypt each message twice, turning
> > 56-bit DES into 112-bit DES, and squaring the number of key sequences
> > that
> > a code breaker would have to try. Messages could even be encrypted
> > thrice;
> > and, indeed, many financial institutions at the time were already using
> > "Triple DES." "
> >
> > Not quite true. Encrypting each message twice would not increase the
> > "effective" key size to 112 bits.
> > There is an attack named "meet in the middle" which will make the
> > effective key size to be just 63 bits.
>
> ?? 56 bits "plus a little", surely.
>
> Cheers,
>
> Ben.
>
> --
> http://www.apache-ssl.org/ben.html http://www.thebunker.net/
>
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at wasabisystems.com
>
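The time-versus-storage trade-off discussed in this thread, shown on double encryption as an added example (not code from any of the posters): a meet-in-the-middle search needs a table of 2^n middle values and about 2^(n+1) cipher operations instead of 2^(2n). The toy cipher, its constants, `KEY_BITS` and all function names are constructed for the illustration; `table_bytes(56, 8)` applies the 8-bytes-per-entry guess from the post above to a 56-bit key.

```python
# Added example: meet-in-the-middle on double encryption with a TOY cipher.
# toy_enc/toy_dec, KEY_BITS and every constant here are constructed for the demo.
KEY_BITS = 16                      # per-key size; the double key is 32 bits
MASK = 0xFFFFFFFF                  # 32-bit block
MUL = 0x9E3779B1                   # odd, so invertible mod 2^32
INV = pow(MUL, -1, 1 << 32)

def _rk(k, r):
    """Round key derived from key k for round r."""
    return ((k + r + 1) * 0x85EBCA6B) & MASK

def toy_enc(k, x):
    for r in range(3):
        x = ((x ^ _rk(k, r)) * MUL) & MASK
        x = ((x << 11) | (x >> 21)) & MASK      # rotate left 11
    return x

def toy_dec(k, y):
    for r in reversed(range(3)):
        y = ((y >> 11) | (y << 21)) & MASK      # rotate right 11
        y = ((y * INV) & MASK) ^ _rk(k, r)
    return y

def double_enc(k1, k2, x):
    return toy_enc(k2, toy_enc(k1, x))

def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) tuples.
    Returns (candidate key pairs, number of table entries stored)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                                   # middle value -> [k1, ...]
    for k1 in range(1 << KEY_BITS):              # 2^n encryptions, 2^n entries
        table.setdefault(toy_enc(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):              # 2^n decryptions
        for k1 in table.get(toy_dec(k2, c0), ()):
            # one pair leaves false matches; further pairs filter them out
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, sum(len(v) for v in table.values())

def table_bytes(key_bits, entry_bytes):
    """Storage for one table entry per first-stage key."""
    return (1 << key_bits) * entry_bytes

if __name__ == "__main__":
    secret = (0xBEEF, 0x1234)                    # constructed sample keys
    known = [(p, double_enc(*secret, p)) for p in (0x00000000, 0xDEADBEEF)]
    keys, entries = meet_in_the_middle(known)
    print(keys, entries, table_bytes(56, 8))
```

The table is the part that does not shrink: every first-stage key needs an entry before the second loop can start, which is why the storage figure dominates the feasibility argument.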