[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fwd: Cylink can export 128-bit DH?]
Mike Duvos wrote:
>
> [email protected] (Bill Frantz) writes:
>
> > Most cryptographic experts recommend Triple DES, encrypting
> > the data 3 times with 3 different keys.
>
> It's actually encrypted three times with two keys comprising
> 112 bits of keyspace, using a decrypt on one key sandwiched
> between two encrypts using the other. This prevents a "man
> in the middle" attack, which would be possible if only two
> DES encryptions were used, one for each key.
Not quite.
Double DES is subject to a "meet in the middle" attack (not a "man in
the middle"). Here's how it works:
Let's say you've got unlimited storage, and you're doing a known
plaintext attack, so you've got both the ciphertext and the plaintext in
your hand. Then, just do all 2^56 decryptions of the ciphertext, and all
2^56 encryptions of the plaintext. Then, compare the two lists to see if
you've got a match. Since it's DES, you can save a factor of two in both
time and space, because it's got the complementation property.
Assuming unlimited storage, three keys (168 bits) are equivalent to
two. However, since 2^55 is a lot of disk space, in practice a real
attacker will trade off space for time (it can be done). Thus, using
three keys is more work for the attacker than using two. So, modern
cryptographic usage is exactly as Bill said - three keys, three
encryptions. For example, S/MIME recommends the use of DES-EDE3-CBC (the
middle encryption is technically a decryption, although it doesn't
really make any difference).
Glad I could be of service.
Raph