Re: 3-DES

"stan" <stan@xxxxxxxxxx> wrote in message
news:anqmt1d70hgg43k7air2ps20ndko0dp2v6@xxxxxxxxxx
> On Sat, 28 Jan 2006 09:36:04 GMT, "Joseph Ashwood" <ashwood@xxxxxxx>
> wrote:
>
>>"M5vip" <m5vip@xxxxxxxxx> wrote in message
>>news:1138437612.004972.213050@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>I want to Ask if The strength of 3-DES with 3-different Key is equal
>>> to strength of 3-DES with Only two different key? OR Less
>>
>>Currently, they are equal, or at least so close as to indistinguishable.
>>They both sit at either 112-bits or 90-bit depending on how interpret the
>>results. The biggest risk with either of them is that after 32GB the
>>security quickly drops.

> Is the security drop due to becoming distinguishable, or are you
> talking about something more serious like recovering plaintext?

There are two major attacks on 3DES. One of them (meet-in-the-middle)
reduces it to the strength of 2-keys in stead of 3 and applies to all triple
encryption.

The second, which I can never seem to remember the name of, reduces the
strength of 3DES to (2^120)/known texts difficulty.

Both recover the key, both are generally considered too compute intensive
for application at this time. Key recovery is generally considered at least
as bad, and in many cases worse than recovering plaintext because now the
attacker can become indistinguishable from one or both of the ends, and can
wreak all kinds of havoc.

> And would re-keying prior to 32GB retain the intial security or am I
> missing something?

Rekeying fixes the 32GB limit of all 64-bit block ciphers, also note that
this assumes a good chaining mode is used.
Joe


.