1995-10-27 - Re: MD4-derived hash functions

Header Data

From: John Lull <lull@acm.org>
To: hallam@w3.org
Message Hash: 28dcd5b446502adf255959ea070d384e19e87e50a0634e13d448fc1e096bd1ff
Message ID: <199510270413.VAA29718@ix7.ix.netcom.com>
Reply To: <9510261603.AA26221@zorch.w3.org>
UTC Datetime: 1995-10-27 04:30:13 UTC
Raw Date: Fri, 27 Oct 1995 12:30:13 +0800

Raw message

From: John Lull <lull@acm.org>
Date: Fri, 27 Oct 1995 12:30:13 +0800
To: hallam@w3.org
Subject: Re: MD4-derived hash functions
In-Reply-To: <9510261603.AA26221@zorch.w3.org>
Message-ID: <199510270413.VAA29718@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Oct 1995 12:03:57 -0400, you wrote:

> 3DES with only two independent keys is only slightly more secure than
> DES, consider a variant of the meet in the middle attack exploiting 
> the fact that the constraint network is reductible to two equations
> in one unknown.

I believe you meant 2DES?  I've not heard of a meet in the middle
attack on 2-key 3DES better than brute force of a 112-bit key.

Even for 2DES, or for 3-key 3DES, doesn't a meet in the middle attack
require on the order of 2^56 words of memory?  This, as a practical
matter, makes a brute-force attack much more difficult than it would
appear at first glance.






Thread