[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: Mark <[email protected]>*Subject*: Re: MD4-derived hash functions*From*: Simon Spero <[email protected]>*Date*: Sun, 29 Oct 1995 21:23:23 -0800 (PST)*Cc*: David A Wagner <[email protected]>, [email protected]*In-Reply-To*: <[email protected]>*Sender*: [email protected]

On Mon, 30 Oct 1995, Mark wrote: > > That doesnt make sense. If one accepts that double encryption is securer than > single encryption, wether marginally or twice as secure, why not use it? > Hi Mark - The problem with double encryption with DES is that it's vulnerable to a meet-in-the-middle attack if you have known plain text. You can encrypt the plaintext with all possible keys and store them in a (big) table, then decrypt the cypher text until you get a match with one of the values in the table. Doesn't work too well on an 8Mb P90 (2^59 bytes is half a peta byte), but since memory capacity theoretically increases as the square of processor speed, the attack becomes feasible much, much, sooner than breaking a 112 byte key. Using 3-DES,even with only two distinct keys, makes this attack infeasible, as the table size becomes much to large. 2-IDEA is similarly safe (2^131 bytes of memory is a long way off (I wonder what the first version of M$ Word to need that much memory will be). Simon --- (defun modexpt (x y n) "computes (x^y) mod n" (cond ((= y 0) 1) ((= y 1) (mod x n)) ((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n)) (t (mod (* x (modexpt x (1- y) n)) n))))

**References**:**Re: MD4-derived hash functions***From:*Mark <[email protected]>

- Prev by Date:
**Re: MD4-derived hash functions** - Next by Date:
**Re: Digicash will not fly (not)** - Prev by thread:
**Re: MD4-derived hash functions** - Next by thread:
**Re: MD4-derived hash functions** - Index(es):