Hosting Provided By

Re: 3DES key-length for data authentication

From: Michael Sierchio <kudzu(at)tenebras.com>
Date: Mon Dec 09 2002 - 13:31:48 EST

jaymo@hiwaay.net wrote:

> The effective keylength of Triple-DES is 112 bits. I don't recall the

The meet-in-the-middle time-memory trade-off attack (Cf. Merkle-Hellman) is a chosen plaintext attack, so it's applicable only if the adversary can mount such an attack -- not likely in a VPN, probably likely in an encrypted file system. It's easiest to describe for double DES -- Merkle-Hellman allows for breaking double DES with 2 keys in 2^(n+1) chosen plaintext encryptions, rather than the 2^2n you might expect. Merkle-Hellman breaks 3-DES-CBC-EDE-3K in 2^2n steps and requires 2^2n blocks of memory.

The effective key length if the adversary can mount a CPA against 3-DES-CBC-EDE-3K is 112 bits. If the adversary cannot mount the MITM attack, the effective key length is 168 bits.

In the case of using triple DES for SSH or SSL operations, my educated guess is that it actually does provide 168 bits worth of key strength. Received on Wed Dec 11 18:12:14 2002

This message: [ Message body ]
Next message: Philip Le Riche: "Re: Cygwin and SSH"
Previous message: Freddy Chavez: "Re: SFTP - only"
In reply to jaymo(at)hiwaay.net: "Re: 3DES key-length for data authentication"
Next in thread: jaymo(at)hiwaay.net: "Re: 3DES key-length for data authentication"
Reply: jaymo(at)hiwaay.net: "Re: 3DES key-length for data authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:51 EDT