[Cryptography] key lengths in different places

Natanael natanael.l at gmail.com
Fri May 26 12:56:45 EDT 2017

[a summary of 3DES details...]

Yes this is all normal for 3DES. When talking about bit strength we talk
about the approximate equivalent amount of CPU power required to crack it
for the best known applicable attack versus raw bruteforce.

A regular secure cipher designed for 112 bits would then require
approximately as much power to crack as 3DES despite the 168 bits worth of
key bits.

This is due to meet-in-the-middle attacks, which you likely already have
heard of as an explanation of why it's just estimated at 112 bits of
security. Encrypt-decrypt-encrypt then gives us just 56x2 = 112 bits of
security instead of 56x3 = 168.

Unfortunately there's no real standard for how to report bit length vs
strength in cases like this. Some people suggest using the term work factor
(WF) with the same bit metric as above to describe it, separate from the
keyspace / bit length of the key.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170526/10fe0c35/attachment.html>

More information about the cryptography mailing list