[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD4-derived hash functions



On Thu, 26 Oct 1995 12:03:57 -0400, you wrote:

> 3DES with only two independent keys is only slightly more secure than
> DES, consider a variant of the meet in the middle attack exploiting 
> the fact that the constraint network is reductible to two equations
> in one unknown.

I believe you meant 2DES?  I've not heard of a meet in the middle
attack on 2-key 3DES better than brute force of a 112-bit key.

Even for 2DES, or for 3-key 3DES, doesn't a meet in the middle attack
require on the order of 2^56 words of memory?  This, as a practical
matter, makes a brute-force attack much more difficult than it would
appear at first glance.