Re: MD4-derived hash functions

On Mon, 30 Oct 1995, Mark wrote:

> >The conclusion to take away from this is simple: double encryption
> >doesn't give you much extra security over single encryption.  Don't
> >use double encryption.
> That doesn't make sense. If one accepts that double encryption is securer than
> single encryption, whether marginally or twice as secure, why not use it?

Ah yes, but the vagaries of crypto don't lend themselves to real-world 
analogies so easily. With crypto schemes, if you use double-encryption, 
you effectively halve the amount of time needed to crack them. This is 
because of the "man in the middle attack." Schneier talks about it in 
Applied Crypto, and I am sure others on this list know the technical 
details better than I.

What Schneier says has been proven to be secure is, instead, a triple 
encryption scheme. Using two different keys, it goes something like this 
(if memory serves):

	Ciphertext = P1xorEK1 -> C1xorDK1 -> C2xorEK1

Where P1 is the plaintext, EK1 is encrypt key 1, and DK1 is decrypt key 1.

That doesn't look right the longer I consider it, but the basic idea is 
there. Encrypt, decrypt, then encrypt again.

"Freedom is meaningless unless  | [email protected] - James Childers
 you can give to those with whom| No man's freedom is safe
 you disagree." - Jefferson     |    while Congress is in session
        EA 73 53 12 4E 08 27 6C   21 64 28 51 92 0E 7C F7
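
The attack on double encryption that Applied Cryptography describes is the meet-in-the-middle attack. The sketch below is an added example, not part of the original message: it runs that attack against double encryption with a toy 32-bit Feistel cipher and 16-bit keys (cipher, keys and plaintexts are all constructed for illustration), recovering both keys in about 2^17 cipher operations instead of the 2^32 a naive search over key pairs would need.

```python
from collections import defaultdict

KEY_BITS = 16      # toy key size so both sweeps finish in well under a second
MASK16 = 0xFFFF

def _f(half, key, rnd):
    # Toy round function, constructed for this example; not a real cipher.
    x = (half * 0x9E37 + key + rnd * 0x1234) & MASK16
    return (((x << 5) | (x >> 11)) & MASK16) ^ key

def encrypt(block, key):
    # 4-round Feistel network on a 32-bit block split into 16-bit halves.
    l, r = block >> 16, block & MASK16
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def decrypt(block, key):
    l, r = block >> 16, block & MASK16
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) pairs. Returns (key candidates, sweep ops)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = defaultdict(list)              # middle value -> every k1 that produces it
    for k1 in range(1 << KEY_BITS):
        table[encrypt(p0, k1)].append(k1)
    ops = 1 << KEY_BITS                    # cost of the forward sweep
    found = []
    for k2 in range(1 << KEY_BITS):
        mid = decrypt(c0, k2)              # work backwards from the ciphertext
        ops += 1
        for k1 in table.get(mid, ()):      # both halves meet at the same middle value
            # Confirm on the remaining pairs to discard chance matches.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops

if __name__ == "__main__":
    k1, k2 = 0x3A7C, 0xC15E                # constructed secret keys
    pairs = [(p, double_encrypt(p, k1, k2)) for p in (0x01234567, 0x89ABCDEF, 0x0F1E2D3C)]
    found, ops = meet_in_the_middle(pairs)
    print([(hex(a), hex(b)) for a, b in found], ops)
```

The price of the attack is memory: the table holds one entry per first-stage key, which is why the cost of double encryption is usually stated as a time and storage trade-off rather than a pure time figure.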