From: Lucky Green <shamrock@netcom.com>
To: Black Unicorn <unicorn@schloss.li>
Message Hash: c0bf0928d44019804830f686ff9834711307223646c34b1d489e8c0d602365a8
Message ID: <3.0.32.19970513223226.0074e2bc@netcom13.netcom.com>
Reply To: N/A
UTC Datetime: 1997-05-14 06:20:37 UTC
Raw Date: Wed, 14 May 1997 14:20:37 +0800
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 14 May 1997 14:20:37 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: The War is Underway (fwd)
Message-ID: <3.0.32.19970513223226.0074e2bc@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 01:22 PM 5/11/97 -0400, Black Unicorn wrote:
>As I recall, 3des ( DESk1 -> DESk2^-1 -> DESk3 ) has an effective
>keylength of 112 bits. Less than IDEA. Schneier discusses this.
Unfortunately, Schneier doesn't do a very good job at discussing the
strength of 3DES. This probably is to be expected, since there is no fixed
effective keylength of 3DES and a more detailed discussion would likely
exceed the format of Applied Cryptography. The work factor of breaking 3DES
depends on the number of known plaintexts. At best, the effective keylength
is 112 bits. At worst (this is an unlikely, perhaps unrealistic worst) the
effective keylength is ~90 bits. Contrast this with DESX, which has been
proven to be twice as hard as DES, therefore having an effective keylength
of 112 bits.
>It costs little today to develop a cipher with larger keyspace. (DES with
>independent subkeys already exists and has a basic keyspace of 768 bits.
>A meet in the middle attack reduces keyspace to 2^384. Schneier discusses
>the cipher briefly). If users are willing to deal with large keys (I
>certainly am) then software designers are restraining a more secure
>implementation.
It costs lots to develop a cipher with a larger keyspace that has a known,
or reasonably assumed, work factor of higher than 112 bits. Again, it takes
years to cryptanalyze a new cipher.
It isn't software designers that are restraining more secure
implementations. The software designers don't have any better algorithms to
work with because the theorists haven't agreed on anything better yet.
-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
"I do believe that where there is a choice only between cowardice and
violence, I would advise violence." Mahatma Gandhi
Return to May 1997
Return to “Lucky Green <shamrock@netcom.com>”