On Thu, 26 May 1994, Matt Blaze wrote:
> Assuming the 4 bytes really are unpredictable, and assuming you deal with both "ends" of the stream, there doesn't seem to be an *obvious* attack that allows independent search for each of the 2 or 3 DES keys. There was a paper in Eurocrypt this year (that I haven't seen yet) that discusses some not-so-obvious properties of multi-cipher modes that may reveal another attack, however.

This was probably Eli Biham's talk during the rump session titled "Cryptanalysis of multiple modes of operation". His conclusions were basically that you should use the "traditional" triple DES -- other variants had a nasty habit of being *very* vulnerable to diff cryptanalysis.

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen                         "Standards are wonderful --
Email: rolf.michelsen@delab.sintef.no   everyone should have one"
Phone: +47 73 59 87 33                  -- Ancient FORTH proverb
----------------------------------------------------------------------