Re: 3DES versus SHA-1

From: Roberto Rotta (rotta_AVOIDING_VACATION_REPLY@subdimension.com)
Date: 07/12/02


Date: Fri, 12 Jul 2002 13:24:31 +0200
From: Roberto Rotta <rotta_AVOIDING_VACATION_REPLY@subdimension.com>
To: Rory <nazgul@csn.ul.ie>

On Fri, Jul 12, 2002 at 02:10:08AM +0100, Rory wrote:
> > > 3DES is pretty solid for the moment; the MITM attack you are talking about
> > > doesn't really make sense for a cipher. I believe you are getting confused
> > > with the problem that some protocols that use 3DES (SSL and such) have. While
> > > these do suffer from a pretty complicated MITM attack, this is not a
> > > reflection on the security of 3DES at all. DES itself has been broken, but
> > > that was only due to its short key length, and 3DES does not suffer from
> > > this problem. There is also the fact that DES has been around for years and
> > > has been beaten on by some of the best crypto people in the world and has
> > > come out of it looking pretty good, so you know you have a solid cipher.
> >
> > No, meet-in-the-middle is an attack against 2DES;
> > man-in-the-middle is a totally different thing. 2DES is DES
> > applied twice with 2 keys. So you have your msg X, your first key
> > K1 and the second one K2.
> >
> > Note: function[key](msg)
> >
> > 2DES(X) is
> > DES[K2]( DES[K1](X) ) = Y
> > then...
> > Inverse_of_DES[K2](Y) = DES[K1](X)
> > Suppose you know (X, Y) and want to find the keys (K1, K2).
> > Encrypt X with all 2^56 possible K1 keys and decrypt Y with
> > all 2^56 K2 keys. Now you can meet in the middle. If you consider
> > a second pair, say (X', Y'), you can attack the keys more
> > quickly.
> >
> > Indeed, 2DES is not better than DES, even if it has 2^112 keys.
> > You can break 2DES with 2^56 attempts, the same number as a brute
> > force against DES.
> >
> > Hope what I've said is clear, because I'm learning to speak
> > English.
> >
> Ahhh right, you are quite correct. I just misread your earlier posting, my
> apologies.

Don't apologize; we are here to discuss. Moreover, it wasn't me...

> Although 2DES was not being considered here, it was 3DES, and it works
> like so.
>
> two keys: K1, K2.
>
> DES_encrypt(data, K1)
> DES_decrypt(data, K2)
> DES_encrypt(data, K1)
>
> Does this suffer from the same weakness you detailed in your
> mail above?

No, it doesn't. This is why DES and 3DES are useful, while 2DES
isn't.

-Roberto
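
The meet-in-the-middle search described in the quoted mail, as an added example that is not part of the original thread: it recovers both keys of a doubled cipher with about 2 * 2^12 cipher operations instead of 2^24, and uses further pairs (X', Y') to discard false matches. The 16-bit toy Feistel cipher with 12-bit keys is a constructed stand-in for DES, and all function names and key values are assumptions made for the illustration.

```python
KEY_BITS = 12  # toy key size (DES uses 56); keeps the search instant

def _f(half, key, rnd):
    # Toy Feistel round function on an 8-bit half (constructed, not DES)
    x = (half + 1) * (2 * key + 1) + rnd * 0x1F3
    return (x ^ (x >> 5)) & 0xFF

def toy_encrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def toy_decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def double_encrypt(k1, k2, block):
    # The "2DES" construction from the thread: E[K2](E[K1](X))
    return toy_encrypt(k2, toy_encrypt(k1, block))

def meet_in_the_middle(pairs):
    (x, y), extra = pairs[0], pairs[1:]
    # Forward half: E[K1](X) for every K1, indexed by the middle value
    middle = {}
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(toy_encrypt(k1, x), []).append(k1)
    # Backward half: D[K2](Y) for every K2; a table hit is a candidate
    found = []
    for k2 in range(1 << KEY_BITS):
        for k1 in middle.get(toy_decrypt(k2, y), ()):
            # Further pairs (X', Y') discard false matches
            if all(double_encrypt(k1, k2, p) == c for p, c in extra):
                found.append((k1, k2))
    return found

def demo():
    k1, k2 = 0x5A3, 0xC17  # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    return pairs, meet_in_the_middle(pairs[:1]), meet_in_the_middle(pairs)

if __name__ == "__main__":
    pairs, one_pair, three_pairs = demo()
    print(len(one_pair), "candidates from one pair;", three_pairs, "after three")
```

The dictionary of middle values is the price of the speed-up: the search trades the 2^24 key-pair trials for a table with one entry per K1.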


