1995-10-26 - Re: 80 bit security from 40 bit exportable products

Header Data

From: Carl Ellison <cme@TIS.COM>
To: jeffb@sware.com
Message Hash: 585d10421202cb1695a5287533acf37ff26cf59d9619d8e70d1a28af5be12c26
Message ID: <9510261534.AA08170@tis.com>
Reply To: <199510252222.PAA16375@comsec.com>
UTC Datetime: 1995-10-26 22:14:02 UTC
Raw Date: Fri, 27 Oct 1995 06:14:02 +0800

Raw message

From: Carl Ellison <cme@TIS.COM>
Date: Fri, 27 Oct 1995 06:14:02 +0800
To: jeffb@sware.com
Subject: Re: 80 bit security from 40 bit exportable products
In-Reply-To: <199510252222.PAA16375@comsec.com>
Message-ID: <9510261534.AA08170@tis.com>
MIME-Version: 1.0
Content-Type: text/plain



>Even if you assume complete independence of key setup, if a successful
>decryption at each layer can be independently detected and verified
>(which seems likely in your example), there're only about 3 * (2 ^ 40)
>total operations in the worst case, NOT 2 ^ (3 * 40) operations needed
>to expose the plaintext.  This is an effective 41.5 bits, not 120.
>

Of course.  It comes down to whether each encryption step plans some known
plaintext to be used for brute force testing of any next layer.






Thread