From: Matt Blaze <mab@crypto.com>
To: dct@python.cs.byu.edu
Message Hash: 3eca705c7150ee347aad6cf1d30cb97bddb7106f9f75722f009bd2b2f6ff874b
Message ID: <9405261503.AA23050@crypto.com>
Reply To: <1994May26.144642.22363@crypto.com>
UTC Datetime: 1994-05-26 15:11:22 UTC
Raw Date: Thu, 26 May 94 08:11:22 PDT
From: Matt Blaze <mab@crypto.com>
Date: Thu, 26 May 94 08:11:22 PDT
To: dct@python.cs.byu.edu
Subject: Re: dispersed DES
In-Reply-To: <1994May26.144642.22363@crypto.com>
Message-ID: <9405261503.AA23050@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain
In local.cypherpunks you write:
>I have come up with (and implemented) a version of triple DES for true
>paranoids, which I call dispersed DES. All I do is append four bytes to
>the beginning of the output files for each cycle of triple DES. It seems
>like this should provide even more security than triple DES, but I am no
>expert. Any comments? Please include "dct@newt.cs.byu.edu" in your replies,
>as I am unable to maintain access to the mailing list because of volume.
>Thanks.
>David C. Taylor
>dct@newt.cs.byu.edu
You have to be really careful when you invent new cipher modes, almost
as much as when you invent an entire new cipher.
It sounds like you have weakend 3-DES. Where do you get these 4 bytes?
If they are fixed or deterministically generated, you will have made it
possible for an attacker who can brute-force 1-DES (e.g., with a Weiner
machine) to "peel off" each single DES key. Instead of a 112 (or 168) bit
work factor (as with 3-DES), you'd end up with a 57 or 58 bit work factor.
If you randomly generate the 4 bytes, you have to carefully evaluate your
random number method. In any case it sounds like your mode is the weaker
of 3-des and 1-des*(the complexity of your random bit generator).
Perhaps I don't understand how your scheme works. Also, what intuition
makes you think that it's stronger than plain old 3-DES?
-matt
Return to May 1994
Return to “Matt Blaze <mab@crypto.com>”