-----BEGIN PGP SIGNED MESSAGE----- On Sun, 11 May 1997, Black Unicorn wrote:
As I recall, 3des ( DESk1 -> DESk2^-1 -> DESk3 ) has an effective keylength of 112 bits. Less than IDEA. Schneier discusses this.
That's only the best case (for the cryptanalyst). Breaking 3DES with only 2^112 encryptions requires 2^56 plaintext-ciphertext pairs. Schneier says this is about 10^17 bytes.
I dislike this line of argument for several reasons. It reduces security to the lowest common denominator. Because, the argument goes, few people will use more than a 21 character passphrase, then we need not design anything with more security.
In reality, I think that the percentage of people who use more than an 8 character passphrase, especially outside these circles, is small. Following your logic, our high end of security should be about 48 bits.
Very true. I was not arguing that security should be reduces to the lowest common denominator but that using excessively long key sizes does little good. Anything over 256 bits is, IMHO, overkill and 160 bits is enough to make brute-force attacks infeasible.
It costs little today to develop a cipher with larger keyspace. (DES with independent subkeys already exists and has a basic keyspace of 768 bits. A meet in the middle attack reduces keyspace to 2^384. Schneier discusses the cipher briefly). If users are willing to deal with large keys (I certainly am) then software designers are restraining a more secure implementation.
I'm very suspicious of any cipher with independant subkeys. Apparently, this makes chosen-key attacks *very* easy. Chosen-key attacks aren't very practical, but it doesn't give me a good feeling about the relative security of the cipher. Some combination, like triple-DES using variable S-boxes would probably be a little more secure. Mark -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBM3ekFyzIPc7jvyFpAQE21Qf/bepXHyyXBPY33tytKtWQh3isjzqrSqH2 nOtg8qbuDI31W9Jo3RK2KN4nvHLHyPjlrkTT4M07oOhBqNm/Y+xD7ABOvnxkzVal L7jQbqF3iaJZRhHUyMP0tI+RlyIdtHTN0l7Qt+P/Jfb81uBm5sGPMh9vM3s9/Wav oP/XHvkX24OnDlnIfpMj+WnLyXx1a6Rs9oyEfv+/k1/7Lo9UwZMSdjV36UDNj8kG gYBA7eCLMs+3OfcKAlP4wD8TgBfzD3DH93ME5eBtAM/yYzQI5X+tdpIZJ2C3wFZI oX89+1Kh1AgHJ3Hj7mZKJGvlT3S3rSxL36CQUDAH9NNAPpazOPC3Vg== =Kwd2 -----END PGP SIGNATURE-----