Is 3DES Broken?
Jon Callas
jon at callas.org
Mon Feb 7 21:13:23 EST 2005
On 4 Feb 2005, at 10:51 AM, Greg Rose wrote:
>
> I'm surprised that no-one has said that ECB mode is "unsafe at any
> speed".
>
Because if they did, some smartass would chime in and say that ECB mode
is perfectly fine at some speeds.
For example, you could safely encrypt one bit in ECB mode, particularly
if you permitted, nay encouraged the other 63 or 127 to be arbitrary
nigh unto random. Surely you don't need to have an IV and padding and
all if the small block were random-padded.
We'd then get into a long debate over how many bits can be handled in
such a system. 32? 127? 128?
Then some other smartass would suggest that it's more efficient in such
a case to just XOR the key on the data and effectively just use a
one-time pad. And then we'd digress into a rambling discussion on
one-time pads and how practical they are in "real" applications.
Finally, some uber-smartass would point out that you can even get rid
of the OTP by taking those small bits of data and padding appropriately
and using a public-key op.
By then, we'd all have lost sight of the fact that the main topic here
is whether 3DES is "broken" and that the answer is a simple, "no." (And
it's a good thing that this is Cryptography, not Cypherpunks, as then
there'd be another digression about Nader and how good the Corvair was
or wasn't, along with URLs of nicely restored examples on eBay.)
This is why no one has had the temerity to suggest that ECB mode is
unsafe at any speed.
Helpfully,
Jon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list