Re: dispersed DES
In local.cypherpunks you write:
I have come up with (and implemented) a version of triple DES for true paranoids, which I call dispersed DES. All I do is append four bytes to the beginning of the output files for each cycle of triple DES. It seems like this should provide even more security than triple DES, but I am no expert. Any comments? Please include "dct@newt.cs.byu.edu" in your replies, as I am unable to maintain access to the mailing list because of volume. Thanks.
David C. Taylor dct@newt.cs.byu.edu
You have to be really careful when you invent new cipher modes, almost as much as when you invent an entire new cipher. It sounds like you have weakend 3-DES. Where do you get these 4 bytes? If they are fixed or deterministically generated, you will have made it possible for an attacker who can brute-force 1-DES (e.g., with a Weiner machine) to "peel off" each single DES key. Instead of a 112 (or 168) bit work factor (as with 3-DES), you'd end up with a 57 or 58 bit work factor. If you randomly generate the 4 bytes, you have to carefully evaluate your random number method. In any case it sounds like your mode is the weaker of 3-des and 1-des*(the complexity of your random bit generator). Perhaps I don't understand how your scheme works. Also, what intuition makes you think that it's stronger than plain old 3-DES? -matt
Good point about the source of the appended bytes. The reason I think it might be more secure is that the length of the appended segment is less than the length of the key on each pass, so it would seem to be the equivalent of a one-time pad for those relying on the appended bytes to get the key. That is my only basis for not worrying about wekening effects. Any holes? dct@newt.cs.byu.edu
participants (2)
-
David C. Taylor -
Matt Blaze