1 |
kashani <kashani-list@××××××××.net> at Friday 27 June 2008, 02:28:21 |
2 |
> Here's a reference to the interesting meet-in-the-middle attack which |
3 |
> reduced 3DES key space down to 112 bits from 192. |
4 |
3DES always had an effective key size of 112 bits, because it uses the |
5 |
original DES algorithm applied in the following scheme E1(D2(E1(M)) with |
6 |
two different 56-bit DES keys. 3DES never had 192 bit keys. |
7 |
|
8 |
The meet-in-the-middle attack has nothing to do with 3DES. In fact, 3DES |
9 |
was designed the way it works now to _prevent_ meet-in-the-middle attacks. |
10 |
Such attacks can be applied to ciphers, that apply a single algorithm with |
11 |
two different keys: E1(E2(M)) |
12 |
|
13 |
Mathematical, the key size of the latter cipher is equal to 3DES: 56+56 = |
14 |
112. But the latter cipher is vulnerable to meet-in-the-middle attacks, |
15 |
which is why 3DES uses the second key to apply the DES decryption function |
16 |
with a different key right between the consecutive DES encryptions. |
17 |
|
18 |
> Obviously that was unknown when 3DES was built. |
19 |
I doubt. If meet in the middle was unknown at the time of 3DES development, |
20 |
we wouldn't have 3DES today, but 2DES, being as simple as E1(E2(M)). |
21 |
|
22 |
-- |
23 |
Freedom is always the freedom of dissenters. |
24 |
(Rosa Luxemburg) |