In local.cypherpunks you write:
I have come up with (and implemented) a version of triple DES for true paranoids, which I call dispersed DES. All I do is append four bytes to the beginning of the output files for each cycle of triple DES. It seems like this should provide even more security than triple DES, but I am no expert. Any comments? Please include "dct@newt.cs.byu.edu" in your replies, as I am unable to maintain access to the mailing list because of volume. Thanks.
David C. Taylor dct@newt.cs.byu.edu
You have to be really careful when you invent new cipher modes, almost as much as when you invent an entire new cipher. It sounds like you have weakened 3-DES.

Where do you get these 4 bytes? If they are fixed or deterministically generated, you will have made it possible for an attacker who can brute-force 1-DES (e.g., with a Wiener machine) to "peel off" each single DES key. Instead of a 112 (or 168) bit work factor (as with 3-DES), you'd end up with a 57 or 58 bit work factor. If you randomly generate the 4 bytes, you have to carefully evaluate your random number method. In any case it sounds like your mode is the weaker of 3-DES and 1-DES*(the complexity of your random bit generator).

Perhaps I don't understand how your scheme works. Also, what intuition makes you think that it's stronger than plain old 3-DES?

-matt
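The "peel off each key" point in the reply above, worked through as an added toy example (this is not code from either poster, and the original scheme's details are unspecified). A 32-bit-block, 16-bit-key Feistel toy stands in for DES so that a full key-space search runs in seconds; each layer is assumed to run in ECB, to zero-pad to a block boundary, and to prepend the constructed fixed marker b"DD" (half a block, mirroring 4 bytes against DES's 8-byte block). Because the marker is known, every layer except the innermost hands the attacker known plaintext (the marker at the front, the zero padding at the back), so the three keys fall to 3 * 2^16 single-key trials instead of a 2^48 joint search; with real DES that is the 3 * 2^56, roughly 57.6-bit, work factor Matt describes rather than 112 or 168 bits. The innermost layer needs one block of genuinely known plaintext, the standard assumption for any single-cipher brute force.

```python
"""Added toy illustration (not the posters' code): peeling a layered cipher one key at a
time when each layer prepends a fixed, attacker-known marker.

Constructed assumptions: 32-bit-block / 16-bit-key Feistel toy in place of DES, ECB per
layer, zero padding to a block boundary, and the 2-byte marker b"DD" as the per-layer
header (half a block, like 4 bytes against DES's 8)."""
import struct

BLOCK = 4                                   # toy block size in bytes (DES: 8)
KEY_BITS = 16                               # toy key size (DES: 56)
HEADER = b"DD"                              # constructed fixed per-layer marker, known to the attacker
PAD_AFTER_HEADER = (-len(HEADER)) % BLOCK   # zero bytes that block-align HEADER + inner ciphertext

def _round(half: int, subkey: int) -> int:
    """Toy round function (not secure): xor subkey, multiply by an odd constant, rotate."""
    x = (half ^ subkey) & 0xFFFF
    x = (x * 0x9E37 + 0x1234) & 0xFFFF
    return ((x << 5) | (x >> 11)) & 0xFFFF

def _feistel(block: bytes, key: int, decrypt: bool) -> bytes:
    """Four-round Feistel on one 4-byte block; reversing the subkey order decrypts."""
    L, R = struct.unpack(">HH", block)
    subkeys = [(key ^ (0x5A5A * (i + 1))) & 0xFFFF for i in range(4)]
    if decrypt:
        subkeys.reverse()
    for sk in subkeys:
        L, R = R, L ^ _round(R, sk)
    return struct.pack(">HH", R, L)         # final swap lets the same loop invert itself

def pad(data: bytes) -> bytes:
    return data + b"\x00" * (-len(data) % BLOCK)

def ecb_encrypt(data: bytes, key: int) -> bytes:
    data = pad(data)
    return b"".join(_feistel(data[i:i + BLOCK], key, False) for i in range(0, len(data), BLOCK))

def ecb_decrypt(data: bytes, key: int) -> bytes:
    return b"".join(_feistel(data[i:i + BLOCK], key, True) for i in range(0, len(data), BLOCK))

def dispersed_encrypt(plaintext: bytes, keys) -> bytes:
    """One layer per key (keys[0] innermost); each layer's output gets HEADER prepended."""
    out = plaintext
    for k in keys:
        out = HEADER + ecb_encrypt(out, k)
    return out

def strip_layer_padding(padded: bytes) -> bytes:
    """A non-innermost layer's inner data is HEADER + whole blocks; drop the zero pad after it."""
    return padded[:len(HEADER) + (len(padded) - len(HEADER)) // BLOCK * BLOCK]

def dispersed_decrypt(ct: bytes, keys) -> bytes:
    """Legitimate decryption with all keys; returns the zero-padded plaintext."""
    for depth, k in enumerate(reversed(keys)):
        ct = ecb_decrypt(ct[len(HEADER):], k)
        if depth < len(keys) - 1:
            ct = strip_layer_padding(ct)
    return ct

def peel_layer(body: bytes, prefix: bytes, suffix: bytes):
    """Brute-force one layer's key. body = E_k(pad(inner)), where the attacker knows inner
    starts with `prefix` and pad(inner) ends with `suffix`. Returns (candidates, trials)."""
    first, last = body[:BLOCK], body[-BLOCK:]
    cands = []
    for k in range(1 << KEY_BITS):
        if not _feistel(first, k, True).startswith(prefix):
            continue
        if suffix and not _feistel(last, k, True).endswith(suffix):
            continue
        cands.append(k)
    return cands, 1 << KEY_BITS

def recover_keys(ct: bytes, layers: int, known_plaintext: bytes):
    """Peel the layers outermost-first. For every layer but the innermost the known plaintext
    is HEADER plus the zero padding; the innermost needs one block of real known plaintext."""
    keys, trials = [], 0
    for layer in range(layers):
        body = ct[len(HEADER):]             # this layer's own marker carries no key material
        innermost = layer == layers - 1
        if innermost:
            prefix, suffix = known_plaintext[:BLOCK], b""
        else:
            prefix, suffix = HEADER, b"\x00" * PAD_AFTER_HEADER
        cands, n = peel_layer(body, prefix, suffix)
        trials += n
        k = cands[0]            # 32 known bits vs a 16-bit key: a false survivor is ~2**-16 likely
        keys.append(k)
        ct = ecb_decrypt(body, k)
        if not innermost:
            ct = strip_layer_padding(ct)    # now exactly the next layer's output
    return keys, trials, ct

# Constructed sample: three layers, keys applied innermost-first; first block of plaintext known.
KEYS = [0x1F2E, 0xB33F, 0x0C0D]
PLAINTEXT = b"ATTACK AT DAWN"

def demo():
    ct = dispersed_encrypt(PLAINTEXT, KEYS)
    keys, trials, recovered = recover_keys(ct, len(KEYS), PLAINTEXT)
    return {"keys": keys, "trials": trials, "plaintext": recovered,
            "joint_trials": 1 << (KEY_BITS * len(KEYS))}

if __name__ == "__main__":
    r = demo()
    print("recovered keys, outermost first:", [hex(k) for k in r["keys"]])
    print("single-key trials:", r["trials"], "vs joint search:", r["joint_trials"])
```

The attack never touches more than one key at a time: each layer is a plain single-key known-plaintext search whose known bits come from the scheme's own structure, which is exactly why the marker, if it is to exist at all, must be unpredictable to the attacker, and why the strength then rests on the random number generator that produces it.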