[Cryptography] 3DES security?
Scott Kelly
scott at hyperthought.com
Thu Aug 27 09:10:58 EDT 2015
On Aug 26, 2015, at 5:36 PM, Derek Atkins <derek at ihtfp.com> wrote:
> Henry,
>
> On Wed, August 26, 2015 8:07 pm, Henry Baker wrote:
>> What's the current best estimate for the (in)security of 3DES, in bits ?
>
> 2-key or 3-key 3DES? Generally 3DES implies 2-key EDE, which equates to
> 112-bit security. 3-Key 3DES uses more key bits, but my recollection is
> that it doesn't significantly increase the security.. So I would treat
> 3DES as 112-bit security. To date, the best known attack against DES is
> brute force.
>
There are at least two other known attacks: meet in the middle, and related keys. These are described in RFC4772 and elsewhere. One of the MITM attacks (by Lucks) reduces the strength to 108 bits.
> The REAL issue with 3DES is that it's still only a 64-bit block size so
> you have a 1 in 2^64 chance of randomly guessing the mapping from a
> plaintext block to a cipher block, regardless of the keys. Of course you
> need to repeat this mapping on every block, so it doesn't necessarily buy
> you anything.
>
> -derek
>
> --
> Derek Atkins 617-623-3745
> derek at ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list