On Wed, 11 Jul 2001, Michael H. Warfield wrote:
> ...A "double DES"
> would only have the equivalent strength of roughly 57 bits (for two
> rounds of 56 bit DES) where as 3-DES defeats the meet in the middle
> attack resulting in 112 bit strenght for EDE two key mode or 168 bits
> where all three keys are independent.
Small correction: it's 112 bits either way. Even with three independent
keys, a meet-in-the-middle attack remains possible, but one side of the
attack has to deal with a pair of DES keys rather than just one. The
difference between 56 and 112 is between costs of the order $100k and
costs that even NSA (probably) can't afford.
Henry Spencer
henry@xxxxxxxxxxxxx
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
