On 12/26/05, Ben Laurie <[EMAIL PROTECTED]> wrote: > Surely if you do this, then there's a meet-in-the middle attack: for a > plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and > decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the > strength of your cipher from 2^x to 2^(x/2)?
Almost true. The cardinality of the symmetric group S_(2^x) is (2^x)!, so it reduces it from (2^x)! to roughly sqrt((2^x)!). That's still a lot. I suspect this is some information-theoretic limit for x-bit block ciphers. -- http://www.lightconsulting.com/~travis/ "Vast emptiness, nothing sacred." -- Bodhidharma -><- GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]