From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Mon, 11 Oct 93 15:59:50 PDT
To: cypherpunks@toad.com
Subject: Re: Breaking DES
In-Reply-To: <9310112158.AA11809@flammulated.owlnet.rice.edu>
Message-ID: <9310112259.AA19226@snark.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain



Karl Lui Barrus says:
> Encrypting with k1 and then k2 leaves you open to the "meet in the
> middle" attack.
> 
> Say I get a copy of the plaintext and ciphertext.  I could encrypt the
> plaintext with 2^56 keys, and decrypt the ciphertext with 2^56 keys.
> Then by matching results of the above steps, I could figure out k1 and
> k2.

Tell you what, Karl -- when you build the device that can store 2^56
encryptions, let us know. You'll make a mint in the storage technology
business. Also let us know how you'll index and fetch the encryptions
in any reasonable time while you are at it, but by comparison thats a
tiny problem.

> The work for this attack is 2^56 + 2^56 = 2^57, which suggests that
> double encryption doesn't increase the complexity of breaking your
> text very much.

Karl, are you sure that you want people to think you believe this?

Perry