[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MD4-derived hash functions
On Thu, 26 Oct 1995 12:03:57 -0400, you wrote:
> 3DES with only two independent keys is only slightly more secure than
> DES, consider a variant of the meet in the middle attack exploiting
> the fact that the constraint network is reductible to two equations
> in one unknown.
I believe you meant 2DES? I've not heard of a meet in the middle
attack on 2-key 3DES better than brute force of a 112-bit key.
Even for 2DES, or for 3-key 3DES, doesn't a meet in the middle attack
require on the order of 2^56 words of memory? This, as a practical
matter, makes a brute-force attack much more difficult than it would
appear at first glance.