On Wed, Jul 11, 2001 at 05:30:31PM -0400, Henry Spencer wrote: > On Wed, 11 Jul 2001, Michael H. Warfield wrote: > > ...A "double DES" > > would only have the equivalent strength of roughly 57 bits (for two > > rounds of 56 bit DES) where as 3-DES defeats the meet in the middle > > attack resulting in 112 bit strenght for EDE two key mode or 168 bits > > where all three keys are independent. > Small correction: it's 112 bits either way. Even with three independent > keys, a meet-in-the-middle attack remains possible, but one side of the > attack has to deal with a pair of DES keys rather than just one. The > difference between 56 and 112 is between costs of the order $100k and > costs that even NSA (probably) can't afford. Welll.... As long as we are picking nits, that's roughly 113 bits due to the double encryption to perform the meet in the middle attack. That, plus the massive amount of memory required... But we are picking nits... :-) I think we both made the point about the double encryption. :-) > Henry Spencer > henry@xxxxxxxxxxxxx Mike -- Michael H. Warfield | (770) 985-6132 | mhw@xxxxxxxxxxxx (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
