Joshua Hill wrote: > > marius wrote: > > Not quite true. Encrypting each message twice would not increase the > > "effective" key size to 112 bits. > > There is an attack named "meet in the middle" which will make the > > effective key size to be just 63 bits. > > Peter Trei wrote: > > Don't forget that the MITM attack (which Schneier claims > > takes 2^(2n) = 2^112 time), also requires 2^56 blocks > > of storage. > [...] > > I don't lose sleep over MITM attacks on 3DES. > > Unless I'm mistaken, the 2^63 operation MITM attack referenced in the > original message referred to Double-DES, not Triple-DES. The original > cited value of 2^63 is incorrect; the Double-DES MITM attack (as proposed > by Merkle and Hellman) is a known plaintext attack that takes 2^57 > operations, with 2^56 blocks of storage. > > Your provided values are correct for attacking Triple-DES, but I don't > think that's what the original author was referring to. > > Josh
2^57 operations, with 2^56 blocks of storage manipulation can be approximated to: 2^56 * log(2^56) + 2^56 * log(2^56) = 2^62 + 2^62 = 2^63 Betting on storage as a show stopper is not a good idea, regardless of sleep pattern. Marius --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
