MD4-derived hash functions
David A Wagner
daw at quito.CS.Berkeley.EDU
Sat Oct 28 17:46:40 PDT 1995
-----BEGIN PGP SIGNED MESSAGE-----
In article <199510270413.VAA29718 at ix7.ix.netcom.com>,
John Lull <lull at acm.org> wrote:
>
> Even for 2DES, or for 3-key 3DES, doesn't a meet in the middle attack
> require on the order of 2^56 words of memory?
>
Actually, as it turns out, van Oorschot & Wiener have a recent paper
which describes how to break 2DES without the huge space requirements
without sacrificing too much time (by using their parallel collision
search method). They estimated the cost to break 2DES via specialized
hardware, and decided that breaking 2DES was only about 2^14 times as
costly as breaking DES.
The conclusion to take away from this is simple: double encryption
doesn't give you much extra security over single encryption. Don't
use double encryption.
- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBMJLKmSoZzwIn1bdtAQEk5gF/VtAgBNgB6o8SrTWSSMaciikdzoVCIqYF
JdXxs4pWt6ueY8WVsSEj5yU5EKAT0/4M
=6YNF
-----END PGP SIGNATURE-----
More information about the cypherpunks-legacy
mailing list