On Thu, Jul 12, 2001 at 07:53:29AM -0400, Michael H. Warfield wrote:
> Most of them don't lose bits but, if you have a known plaintext
> situation, you have a condition for a "meet in the middle" attack where
> you attack the crypto system from both ends, encrypting the plaintext
> with K2 and decrypting with K1 searching for matching results in the
> middle. Bruce Schneier covers this attack in "Applied Cryptography"

One of those "must have books". I've heard about it
for years. Maybe I should wander the Dublin bookshops
this weekend :-)

> in discussing 3-DES and why a double application of DES is not significantly
> stronger than a single application. With enough memory, you effectively
> only gain one bit of strength (you double the difficulty of busting it)
> over the single encryption.
>
> So your example of:
>
>     y = f(k1,f(k2,x))
>
> Where k1 and k2 are two independent keys of length (n).
>
> Is only roughly equivalent to:
>
>     y = f(Ka,x)
>
> Where ka is a key of length (n+1), not (2*n).

So I was not really wrong in suggesting in my original
post that for a given keysize, applied twice,

    128 <= effective keysize <= 256

or better stated

    n <= eks <= 2n

It's just that the results fall at the bottom end.

--
------------------------------------------------------
Use Linux: A computer        Dale Amon, CEO/MD
is a terrible thing          Village Networking Ltd
to waste.                    Belfast, Northern Ireland
------------------------------------------------------

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
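
The meet-in-the-middle search discussed in this thread, as an added example that is not part of either poster's message: a toy 16-bit Feistel cipher with 12-bit keys (both constructed here for illustration, as are all function names) stands in for f. The search finds (k1, k2) from known plaintext/ciphertext pairs in 2^(n+1) cipher operations plus a 2^n-entry table, against 2^(2n) trials for brute force over both keys.

```python
# Added example: meet-in-the-middle on y = f(k1, f(k2, x)) with a toy cipher.
from collections import defaultdict

KEY_BITS = 12   # n: deliberately tiny so the search finishes instantly
ROUNDS = 4

def round_fn(half, key, i):
    # Toy Feistel round function (an assumption, not a real cipher).
    rk = (key >> (0, 2, 4, 1)[i]) & 0xFF      # every key bit is used
    v = ((half ^ rk) * 73 + 29 * i + 11) & 0xFF
    return v ^ (v >> 4)

def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for i in range(ROUNDS):
        left, right = right, left ^ round_fn(right, key, i)
    return (left << 8) | right

def decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ round_fn(left, key, i), left
    return (left << 8) | right

def double_encrypt(k1, k2, x):
    return encrypt(k1, encrypt(k2, x))

def meet_in_the_middle(pairs):
    """Return (candidate (k1, k2) list, cipher operations spent on the first pair)."""
    (x0, y0), rest = pairs[0], pairs[1:]
    middle = defaultdict(list)
    for k2 in range(1 << KEY_BITS):           # forward half: 2^n encryptions
        middle[encrypt(k2, x0)].append(k2)
    ops = 1 << KEY_BITS
    found = []
    for k1 in range(1 << KEY_BITS):           # backward half: 2^n decryptions
        ops += 1
        for k2 in middle.get(decrypt(k1, y0), ()):
            # extra known pairs weed out chance collisions in the middle
            if all(double_encrypt(k1, k2, x) == y for x, y in rest):
                found.append((k1, k2))
    return found, ops

# Constructed sample data: two secret 12-bit keys and three known plaintexts.
K1, K2 = 0xA5C, 0x3F1
PAIRS = [(x, double_encrypt(K1, K2, x)) for x in (0x0123, 0xBEEF, 0x5A5A)]

if __name__ == "__main__":
    found, ops = meet_in_the_middle(PAIRS)
    print(found, ops, "vs brute force", 1 << (2 * KEY_BITS))
```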