1993-10-16 - Triple-DES strength (was Re: Monitor radiation overlooking.)

Header Data

From: cme@ellisun.sw.stratus.com (Carl Ellison)
To: blaster@rd.relcom.msk.su
Message Hash: 1f25e7cfd7eee30e167f3740dc0ae71772a4141badafa50f5353a6916499ad0e
Message ID: <9310161549.AA16807@ellisun.sw.stratus.com>
Reply To: N/A
UTC Datetime: 1993-10-16 15:57:18 UTC
Raw Date: Sat, 16 Oct 93 08:57:18 PDT

Raw message

From: cme@ellisun.sw.stratus.com (Carl Ellison)
Date: Sat, 16 Oct 93 08:57:18 PDT
To: blaster@rd.relcom.msk.su
Subject: Triple-DES strength (was Re:  Monitor radiation overlooking.)
Message-ID: <9310161549.AA16807@ellisun.sw.stratus.com>
MIME-Version: 1.0
Content-Type: text/plain


You wrote:

>Some words about DES - I spoke with one cryptoanalisyst from
>KGB and he sow, that for number crypto algotitm c(key, text)
>(key is keyLength tall) present f(key, text), that for all
>key1 and key2 present key with length keyLength, that
>c(key2, c(key1, text))==f(key, text).
>
>He also say, that now present f() for c()=des(), more f() wery
>like des().
>
>That`s why for decrypting of des(k1, des(k2, ... des(kN, text) ... ))
>we must try 2^56 keys with spetial function.

I suspect that you will get several comments about the proof that DES
isn't a group.  That doesn't apply here since you have not claimed that
f() is DES -- only that it's DES-like.

I would expect the strength of triple-DES to show up in Diff.Cryp. attacks,
but maybe not.

Meanwhile, I stick to my sci.crypt suggestion:

	compress|des|tran|des|tran|des

If you could get more details from your KGB friend about that attack,
there are one or two people here who would be very interested. :-)

 - Carl





Thread