[Cryptography] Strength of 3DES?
Ray Dillinger
bear at sonic.net
Tue Aug 30 18:20:15 EDT 2016
On 08/30/2016 11:36 AM, Jon Callas wrote:
>
>
> When you cite Stefan, though, remember that his attack needs 2^56 memory.
>
> It's far more important to note that all 64-bit block ciphers are threatened with 2^32 memory.
'Tis true, but the SWEET32 attack still requires a buttload
of ciphertext.
Key grinding can get plaintext even from just a few kilobytes
of ciphertext. But yeah, if you've really got 126 gallons
(honest, that's how much a buttload actually is!) of ciphertext,
then the SWEET32 attack is much much easier.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160830/01cf4601/attachment.sig>
More information about the cryptography
mailing list