[Cryptography] key lengths in different places

Robin Wood robin at digi.ninja
Fri May 26 16:46:22 EDT 2017 

On Fri, 26 May 2017, 18:47 Michael Kjörling, <michael at kjorling.se> wrote:

> On 26 May 2017 15:33 +0000, from robin at digi.ninja (Robin Wood):
> > Does this make sense? Are there different bit lengths depending on what
> you
> > are talking about and if so, is there a way to know which is being
> reported?
>
> DES has a 64 bit key, of which eight bits (one bit per byte) was
> traditionally used for parity and has no cryptographic value, being
> ignored by the cipher. Thus 56 bits of key material are used for
> single-DES.
>
> 3DES has several different keying modes, but can be used with three
> independent DES keys (Wikipedia refers to this as "keying option 1").
> That is nominally 3 x 64 bits = 192 bits of key material, but because
> only 56 bits of each key is used, only 3 x 56 bits = 168 bits of key
> material is used. This is often referred to as 168-bit 3DES, but
> calling it 192-bit 3DES is as valid as saying that DES uses a 64-bit
> key; that is, not completely correct, but at least has some basis in
> reality.
>
> 3DES with three independent keys is vulnerable to a meet-in-the-middle
> attack, which reduces the _effective_ security to that of two
> applications of DES, corresponding to 2 x 56 = 112 bits of security
> for 168 bits of actual key material. The security level is thus the
> same as a cipher where no such shortcut exists but which uses a 112
> bit key. The work factor for a brute force attack is thus 2^112.
>
> All of "192 bits", "168 bits" and to some extent "112 bits" are thus
> valid answers to the question "what is the key size of 3DES"; it all
> depends on what specific metric you are looking at.
>
> Assuming triple DES with three independent keys, 192 bits is the size
> of the physical key; 168 bits is the amount of key material used; and
> 112 bits is the work factor for breaking the resulting encryption by
> brute force.
>
> Most often we are interested either in the amount of key material
> actually used, or the work factor; so calling 3DES with three
> independent keys as using a 168-bit key, or as having a 112-bit work
> factor, is likely the most useful. The combination of this also works,
> obviously; 3DES with three independent keys takes 168 bits of key
> material to deliver the security of a 112-bit work factor.
>

A brilliant explanation, thanks.

I'll have to work out which version the different tools I use use.

Robin




> https://en.wikipedia.org/wiki/Triple_DES#Security
>
> --
> Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
>                  “People who think they know everything really annoy
>                  those of us who know we don’t.” (Bjarne Stroustrup)
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170526/1c5595e8/attachment.html>

More information about the cryptography mailing list