[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dispersed DES

To: [email protected]
Subject: Re: dispersed DES
From: Matt Blaze <[email protected]>
Date: Thu, 26 May 94 11:03:34 EDT
Cc: [email protected]
Newsgroups: local.cypherpunks
References: <[email protected]>
Sender: [email protected]

In local.cypherpunks you write:

>I have come up with (and implemented) a version of triple DES for true
>paranoids, which I call dispersed DES.  All I do is append four bytes to
>the beginning of the output files for each cycle of triple DES.  It seems
>like this should provide even more security than triple DES, but I am no
>expert. Any comments?  Please include "[email protected]" in your replies,
>as I am unable to maintain access to the mailing list because of volume.
>Thanks.

>David C. Taylor
>[email protected]

You have to be really careful when you invent new cipher modes, almost
as much as when you invent an entire new cipher.

It sounds like you have weakend 3-DES.  Where do you get these 4 bytes?
If they are fixed or deterministically generated, you will have made it
possible for an attacker who can brute-force 1-DES (e.g., with a Weiner
machine) to "peel off" each single DES key.  Instead of a 112 (or 168) bit
work factor (as with 3-DES), you'd end up with a 57 or 58 bit work factor.

If you randomly generate the 4 bytes, you have to carefully evaluate your
random number method.  In any case it sounds like your mode is the weaker
of 3-des and 1-des*(the complexity of your random bit generator).

Perhaps I don't understand how your scheme works.  Also, what intuition
makes you think that it's stronger than plain old 3-DES?

-matt

Follow-Ups:
- Re: dispersed DES
  - From: David C. Taylor <[email protected]>

Prev by Date: My 2.3a Key is listed as a 2.6 (Aaargh!)
Next by Date: Re: Response to Uni's "Lawsuit" Message
Prev by thread: dispersed DES
Next by thread: Re: dispersed DES
Index(es):
- Date
- Thread