Nicolas Roumiantzeff wrote:
> But this 2 key tripple DES (112 bit key length) would be the best solution
> regarding the French regulation:
> It would be not stronger than 128 bit and still currently secure (where as
> simple DES is not).
> It would aslo be as resistant as the 3 key tripple DES to the
> "meet-in-the-middle"attack, described by Ben. Am I right?
I don't think so - for each saved intermediate ciphertext, you only need
to test 2^56 encryptions, so it reduces the cost of the comparison
stage, doesn't it? That is, you still need 2^112 trial encryptions, but
only 2^112 comparisons instead of 2^168. OTOH, I'm not feeling
completely awake now, so I may have got this all wrong. Still, even if
I'm right, its not a huge reduction in work, since the comparisons would
obviously be shortcut and far cheaper than the encryptions.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
