From: DAVESPARKS@delphi.com
To: cypherpunks@toad.com
Message Hash: 1fcbe109b31ef945b111c1add5e308d01d94f684b5e920029af93086a0d8331c
Message ID: <01HER653MHUQ9ASKAD@delphi.com>
Reply To: N/A
UTC Datetime: 1994-07-16 04:18:26 UTC
Raw Date: Fri, 15 Jul 94 21:18:26 PDT
From: DAVESPARKS@delphi.com
Date: Fri, 15 Jul 94 21:18:26 PDT
To: cypherpunks@toad.com
Subject: Re: Triple encryption...
Message-ID: <01HER653MHUQ9ASKAD@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain
Adam Shostack <adam@bwh.harvard.edu> wrote:
> While the IDEA in th middle might slow down a meet in the
> middle attack on 2DES, I don't know that you're justified in claiming
> 112 bits of DES key space without something like:
>
> des|des|IDEA|des
If IDEA can be *TRIVIALLY* broken, and assuming the availability of the
massive amounts of memory needed to store all of the data required for a
MITM attack, then you're technically correct. But, even granting that
possibility for the time being, you still have the equivalent of 57 bits of
DES keyspace, which is better than totally relying on 3DEA.
While a "super DES breaker" machine has been hypothesized, and a cost to
build it estimated, I don't recall anyone doing so for a "MITM DES breaker"
which would require incredible amounts of memory. At a minimum, it would
require not only *TWO* super-DES-crackers, but a very sophistocated machine
to gather the blocks generated by all of the various parallel processors
comprising the other two machines, store, and continually compare them,
searching for matches.
IMHO, that "middle" machine would be far more complex and expensive than the
other two. A MITM attack might, theoretically, take only twice as long as
attacking a single layer, the cost of doing so would be much more than twice
as large. Anyone care to estimate what the cost of the RAM alone for the
"MITM interface" machine would be? Let's see, for two 56 bit beys, you'd
need storage for 2^57 blocks of 8 bytes each, or 2^60 bytes. At $40 per Mb,
or so, that would come to ... let's see ... $4 * 10^51 for memory alone. And
once the list of blocks started growing as the attack progressed, could the
interface processor keep up with the other two, in real time? Massively
parallel processors might speed both ends of the attack, but the "database
comparison phase" would be the real bottleneck, IMHO.
/--------------+------------------------------------\
| | Internet: davesparks@delphi.com |
| Dave Sparks | Fidonet: Dave Sparks @ 1:207/212 |
| | BBS: (909) 353-9821 - 14.4K |
\--------------+------------------------------------/
Return to July 1994
Return to “DAVESPARKS@delphi.com”
1994-07-16 (Fri, 15 Jul 94 21:18:26 PDT) - Re: Triple encryption… - DAVESPARKS@delphi.com