Breaking DES
Perry E. Metzger
pmetzger at lehman.com
Mon Oct 11 15:59:50 PDT 1993
Karl Lui Barrus says:
> Encrypting with k1 and then k2 leaves you open to the "meet in the
> middle" attack.
>
> Say I get a copy of the plaintext and ciphertext. I could encrypt the
> plaintext with 2^56 keys, and decrypt the ciphertext with 2^56 keys.
> Then by matching results of the above steps, I could figure out k1 and
> k2.
Tell you what, Karl -- when you build the device that can store 2^56
encryptions, let us know. You'll make a mint in the storage technology
business. Also let us know how you'll index and fetch the encryptions
in any reasonable time while you are at it, but by comparison thats a
tiny problem.
> The work for this attack is 2^56 + 2^56 = 2^57, which suggests that
> double encryption doesn't increase the complexity of breaking your
> text very much.
Karl, are you sure that you want people to think you believe this?
Perry
More information about the cypherpunks-legacy
mailing list