
Re: dispersed DES



In local.cypherpunks you write:

>I have come up with (and implemented) a version of triple DES for true
>paranoids, which I call dispersed DES.  All I do is append four bytes to
>the beginning of the output files for each cycle of triple DES.  It seems
>like this should provide even more security than triple DES, but I am no
>expert. Any comments?  Please include "[email protected]" in your replies,
>as I am unable to maintain access to the mailing list because of volume.
>Thanks.

>David C. Taylor
>[email protected]

You have to be really careful when you invent new cipher modes, almost
as much as when you invent an entire new cipher.

It sounds like you have weakened 3-DES.  Where do you get these 4 bytes?
If they are fixed or deterministically generated, you will have made it
possible for an attacker who can brute-force 1-DES (e.g., with a Wiener
machine) to "peel off" each single DES key.  Instead of a 112 (or 168) bit
work factor (as with 3-DES), you'd end up with a 57 or 58 bit work factor.

If you randomly generate the 4 bytes, you have to carefully evaluate your
random number method.  In any case it sounds like your mode is the weaker
of 3-des and 1-des*(the complexity of your random bit generator).

Perhaps I don't understand how your scheme works.  Also, what intuition
makes you think that it's stronger than plain old 3-DES?

-matt
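
The peel-off argument above, as an added example that is not part of the original message: a toy Feistel cipher with a 12-bit key stands in for DES, and the fixed header `DDES`, the pad-then-ECB layering and all function names are assumptions about a scheme the thread does not specify. With a known header inside every layer, each key is searched on its own, so the cost is the sum of three searches rather than their product.

```python
import hashlib, struct

KEY_BITS = 12        # toy key size (assumption) so exhaustive search is instant
HEADER = b"DDES"     # constructed fixed 4-byte header added before each cycle

def _f(half, key, rnd):
    # Round function: hash of (half-block, key, round number), truncated to 32 bits.
    d = hashlib.sha256(struct.pack(">IHB", half, key, rnd)).digest()
    return struct.unpack(">I", d[:4])[0]

def encrypt_block(block, key):
    l, r = struct.unpack(">II", block)
    for i in range(4):
        l, r = r, l ^ _f(r, key, i)
    return struct.pack(">II", l, r)

def decrypt_block(block, key):
    l, r = struct.unpack(">II", block)
    for i in reversed(range(4)):
        l, r = r ^ _f(l, key, i), l
    return struct.pack(">II", l, r)

def pad(data):
    n = 8 - len(data) % 8
    return data + bytes([n]) * n

def ecb(fn, data, key):
    return b"".join(fn(data[i:i + 8], key) for i in range(0, len(data), 8))

def dispersed_encrypt(plaintext, keys):
    # Assumed reading of the scheme: prepend the header, then encrypt, three times.
    data = plaintext
    for k in keys:
        data = ecb(encrypt_block, pad(HEADER + data), k)
    return data

def peel_layers(ciphertext, layers=3):
    """Recover the keys outermost-first with one independent search per layer."""
    data, found, trials = ciphertext, [], 0
    for _ in range(layers):
        for k in range(2 ** KEY_BITS):
            trials += 1
            # The known header is a per-layer test for "right key".
            if decrypt_block(data[:8], k)[:4] == HEADER:
                break
        found.append(k)
        data = ecb(decrypt_block, data, k)
        data = data[4:-data[-1]]     # strip this layer's header and padding
    return found[::-1], data, trials
```

The total number of trial decryptions is bounded by 3 × 2^12 here; without the per-layer header there is no intermediate check, and the keys cannot be tested one layer at a time.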