[Cryptography] 3DES security?
Derek Atkins
derek at ihtfp.com
Thu Aug 27 10:05:30 EDT 2015
Scott Kelly <scott at hyperthought.com> writes:
> On Aug 26, 2015, at 5:36 PM, Derek Atkins <derek at ihtfp.com> wrote:
>
>> Henry,
>>
>> On Wed, August 26, 2015 8:07 pm, Henry Baker wrote:
>>> What's the current best estimate for the (in)security of 3DES, in bits ?
>>
>> 2-key or 3-key 3DES? Generally 3DES implies 2-key EDE, which equates to
>> 112-bit security. 3-Key 3DES uses more key bits, but my recollection is
>> that it doesn't significantly increase the security.. So I would treat
>> 3DES as 112-bit security. To date, the best known attack against DES is
>> brute force.
>>
>
> There are at least two other known attacks: meet in the middle, and
> related keys. These are described in RFC4772 and elsewhere. One of the
> MITM attacks (by Lucks) reduces the strength to 108 bits.
The MITM attacks are why 3-key DES isn't much better than 2-key DES, and
also why EDE is preferred over EEE. The reduction from 112 to 108 is
something I didn't know about, so thank you for that reference.
>> The REAL issue with 3DES is that it's still only a 64-bit block size so
>> you have a 1 in 2^64 chance of randomly guessing the mapping from a
>> plaintext block to a cipher block, regardless of the keys. Of course you
>> need to repeat this mapping on every block, so it doesn't necessarily buy
>> you anything.
-derek
--
Derek Atkins 617-623-3745
derek at ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
More information about the cryptography
mailing list