I read the article (in the dead tree edition), and despite it's technical inaccuracies, thought it was generally pretty good.
Don't forget that the MITM attack (which Schneier claims takes 2^(2n) = 2^112 time), also requires 2^56 blocks of storage. That's a lot, and the attack ceases to be parallelizable, unlike the straight brute-force attack. In fact, it's utterly intractable at the moment. Here's why: 2^56 bytes = 72 petabytes, and I suspect you'd need 8 bytes per entry, or about 1/2 an exabyte. By contrast, all of morpheus is currently less than half of one petabyte. Google indexes about 3 billion documents + 700 million usenet postings. At a an estimated 100kb per item, that's roughly the same as morpheus. I don't lose sleep over MITM attacks on 3DES. Peter Trei > ---------- > From: Ben Laurie[SMTP:[EMAIL PROTECTED]] > Sent: Saturday, February 02, 2002 8:57 AM > To: marius > Cc: [EMAIL PROTECTED] > Subject: Re: Losing the Code War by Stephen Budiansky > > marius wrote: > > > > "But there was an utterly trivial fix that DES users could employ if > > they were worried > > about security: they could simply encrypt each message twice, turning > > 56-bit DES into 112-bit DES, and squaring the number of key sequences > > that > > a code breaker would have to try. Messages could even be encrypted > > thrice; > > and, indeed, many financial institutions at the time were already using > > "Triple DES." " > > > > Not quite true. Encrypting each message twice would not increase the > > "effective" key size to 112 bits. > > There is an attack named "meet in the middle" which will make the > > effective key size to be just 63 bits. > > ?? 56 bits "plus a little", surely. > > Cheers, > > Ben. > > -- > http://www.apache-ssl.org/ben.html http://www.thebunker.net/ > > "There is no limit to what a man can do or how far he can go if he > doesn't mind who gets the credit." - Robert Woodruff > > > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to > [EMAIL PROTECTED] > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
