MD4-derived hash functions
Simon Spero
ses at tipper.oit.unc.edu
Sun Oct 29 21:36:15 PST 1995
On Mon, 30 Oct 1995, Mark wrote:
>
> That doesnt make sense. If one accepts that double encryption is securer than
> single encryption, wether marginally or twice as secure, why not use it?
>
Hi Mark -
The problem with double encryption with DES is that it's vulnerable to a
meet-in-the-middle attack if you have known plain text. You can encrypt
the plaintext with all possible keys and store them in a (big) table, then
decrypt the cypher text until you get a match with one of the values in
the table.
Doesn't work too well on an 8Mb P90 (2^59 bytes is half a peta byte), but
since memory capacity theoretically increases as the square of processor
speed, the attack becomes feasible much, much, sooner than breaking a 112
byte key.
Using 3-DES,even with only two distinct keys, makes this attack
infeasible, as the table size becomes much to large. 2-IDEA is similarly
safe (2^131 bytes of memory is a long way off (I wonder what the first
version of M$ Word to need that much memory will be).
Simon
---
(defun modexpt (x y n) "computes (x^y) mod n"
(cond ((= y 0) 1)
((= y 1) (mod x n))
((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
(t (mod (* x (modexpt x (1- y) n)) n))))
More information about the cypherpunks-legacy
mailing list