From: daw@quito.CS.Berkeley.EDU (David A Wagner)
Date: Sun, 29 Oct 1995 08:36:02 +0800
To: cypherpunks@toad.com
Subject: Re: MD4-derived hash functions
Message-ID: <199510290023.UAA12614@book.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <9510261603.AA26221@zorch.w3.org>,  <hallam@w3.org> wrote:
> 
> 3DES with only two independent keys is only slightly more secure than
> DES, consider a variant of the meet in the middle attack exploiting 
> the fact that the constraint network is reductible to two equations
> in one unknown.
> 

Huh?  Are you sure you're not thinking of 2DES?

2DES is known to be not much more secure than DES: 2DES can be broken
with 2^56 operations and 2^56 space.  (The space requirements can be
eliminated without too much extra cost in time.)

Could you post a reference for your claim that 2-key 3DES is insecure?
Or post an attack?  Or anything?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMJLJdSoZzwIn1bdtAQFFRQGAgPceMs6vYCq4nGQQ5QT9tOLIgiGAoY8M
B71KIQDP75TMiF1rgvorSWQsNZjzjhbm
=3bH5
-----END PGP SIGNATURE-----