[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD4-derived hash functions



On Mon, 30 Oct 1995, Mark wrote:

> 
> That doesnt make sense. If one accepts that double encryption is securer than
> single encryption, wether marginally or twice as secure, why not use it?
> 

Hi Mark -

The problem with double encryption with DES is that it's vulnerable to a 
meet-in-the-middle attack if you have known plain text. You can encrypt 
the plaintext with all possible keys and store them in a (big) table, then 
decrypt the cypher text until you get a match with one of the values in 
the table. 

Doesn't work too well on an 8Mb P90 (2^59 bytes is half a peta byte), but 
since memory capacity theoretically increases as the square of processor 
speed, the attack becomes feasible much, much, sooner than breaking a 112 
byte key.

Using 3-DES,even with only two distinct keys, makes this attack 
infeasible, as the table size becomes much to large. 2-IDEA is similarly 
safe (2^131 bytes of memory is a long way off (I wonder what the first 
version of M$ Word to need that much memory will be).

Simon
 ---
(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 
	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))