From: “Perry E. Metzger” <pmetzger@lehman.com>
To: cypherpunks@toad.com
Message Hash: 56744bee6a62f1e6d4248224aac3c7537cbcdc51e457ff102a1b0951a226661c
Message ID: <9310112259.AA19226@snark.lehman.com>
Reply To: <9310112158.AA11809@flammulated.owlnet.rice.edu>
UTC Datetime: 1993-10-11 22:59:50 UTC
Raw Date: Mon, 11 Oct 93 15:59:50 PDT
From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Mon, 11 Oct 93 15:59:50 PDT
To: cypherpunks@toad.com
Subject: Re: Breaking DES
In-Reply-To: <9310112158.AA11809@flammulated.owlnet.rice.edu>
Message-ID: <9310112259.AA19226@snark.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain
Karl Lui Barrus says:
> Encrypting with k1 and then k2 leaves you open to the "meet in the
> middle" attack.
>
> Say I get a copy of the plaintext and ciphertext. I could encrypt the
> plaintext with 2^56 keys, and decrypt the ciphertext with 2^56 keys.
> Then by matching results of the above steps, I could figure out k1 and
> k2.
Tell you what, Karl -- when you build the device that can store 2^56
encryptions, let us know. You'll make a mint in the storage technology
business. Also let us know how you'll index and fetch the encryptions
in any reasonable time while you are at it, but by comparison thats a
tiny problem.
> The work for this attack is 2^56 + 2^56 = 2^57, which suggests that
> double encryption doesn't increase the complexity of breaking your
> text very much.
Karl, are you sure that you want people to think you believe this?
Perry
Return to October 1993
Return to ““Perry E. Metzger” <pmetzger@lehman.com>”