1997-05-13 - Re: The War is Underway (fwd)

Header Data

From: "Mark M." <markm@voicenet.com>
To: cypherpunks <unicorn@schloss.li>
Message Hash: faffc8a893af3234324c5e87c294fe44979a63ad13d48a2abb1ad3da448d9ac8
Message ID: <Pine.LNX.3.95.970512171358.1229A-100000@purple.voicenet.com>
Reply To: <Pine.SUN.3.96.970511125117.9012O-100000@polaris.mindport.net>
UTC Datetime: 1997-05-13 00:21:36 UTC
Raw Date: Tue, 13 May 1997 08:21:36 +0800

Raw message

From: "Mark M." <markm@voicenet.com>
Date: Tue, 13 May 1997 08:21:36 +0800
To: cypherpunks <unicorn@schloss.li>
Subject: Re: The War is Underway (fwd)
In-Reply-To: <Pine.SUN.3.96.970511125117.9012O-100000@polaris.mindport.net>
Message-ID: <Pine.LNX.3.95.970512171358.1229A-100000@purple.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 11 May 1997, Black Unicorn wrote:

> As I recall, 3des ( DESk1 -> DESk2^-1 -> DESk3 ) has an effective
> keylength of 112 bits.  Less than IDEA.  Schneier discusses this.

That's only the best case (for the cryptanalyst).  Breaking 3DES with
only 2^112 encryptions requires 2^56 plaintext-ciphertext pairs.
Schneier says this is about 10^17 bytes.

> I dislike this line of argument for several reasons.  It reduces security
> to the lowest common denominator.  Because, the argument goes, few people
> will use more than a 21 character passphrase, then we need not design
> anything with more security.
>
> In reality, I think that the percentage of people who use more than an 8
> character passphrase, especially outside these circles, is small.
> Following your logic, our high end of security should be about 48 bits.

Very true.  I was not arguing that security should be reduced to the
lowest common denominator but that using excessively long key sizes does
little good.  Anything over 256 bits is, IMHO, overkill and 160 bits is
enough to make brute-force attacks infeasible.

> It costs little today to develop a cipher with larger keyspace.  (DES with
> independent subkeys already exists and has a basic keyspace of 768 bits.
> A meet in the middle attack reduces keyspace to 2^384.  Schneier discusses
> the cipher briefly).  If users are willing to deal with large keys (I
> certainly am) then software designers are restraining a more secure
> implementation.

I'm very suspicious of any cipher with independent subkeys.  Apparently,
this makes chosen-key attacks *very* easy.  Chosen-key attacks aren't
very practical, but it doesn't give me a good feeling about the relative
security of the cipher.  Some combination, like triple-DES using variable
S-boxes would probably be a little more secure.


Mark
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

-----END PGP SIGNATURE-----
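
Added example, not part of the original message: the 112-bit effective key length quoted above for three-key EDE comes from a meet-in-the-middle search, shown here on a constructed toy cipher (16-bit block, 8-bit keys, not DES) so it runs in well under a second. The cipher, the sample key and the plaintexts are assumptions made for the illustration; the search costs 2^8 + 2^16 key trials where exhaustive search over three keys would need 2^24.

```python
from collections import defaultdict

# Constructed toy cipher (NOT DES): 16-bit block, 8-bit key, 4-round Feistel.
SBOX = [pow(3, x, 257) % 256 for x in range(256)]

def enc(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ SBOX[r ^ key ^ rnd]
    return (l << 8) | r

def dec(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ SBOX[l ^ key ^ rnd], l
    return (l << 8) | r

def ede3(block, k1, k2, k3):
    """Three-key EDE as in the quoted text: E_k1 -> D_k2 -> E_k3."""
    return enc(dec(enc(block, k1), k2), k3)

def mitm(pairs):
    """Meet in the middle on known (plaintext, ciphertext) pairs.

    Returns (candidate key triples, number of key trials performed)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    # Forward half: every k1, indexed by the value after the first encryption.
    table = defaultdict(list)
    for k1 in range(256):
        table[enc(p0, k1)].append(k1)
    trials, found = 256, []
    # Backward half: undo E_k3 and D_k2 for every (k2, k3) and look for a match.
    for k3 in range(256):
        inner = dec(c0, k3)
        for k2 in range(256):
            trials += 1
            for k1 in table.get(enc(inner, k2), ()):
                # A match on one pair is often a false positive; check the rest.
                if all(ede3(p, k1, k2, k3) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, trials

def demo():
    secret = (0x3A, 0xC5, 0x71)                      # constructed sample key
    plaintexts = (0x0000, 0x1234, 0xBEEF, 0x7F01)    # constructed known plaintexts
    pairs = [(p, ede3(p, *secret)) for p in plaintexts]
    found, trials = mitm(pairs)
    return secret, pairs, found, trials

if __name__ == "__main__":
    secret, _, found, trials = demo()
    print(f"secret={secret} found={found} trials={trials} exhaustive={2**24}")
```

Scaling the same structure to 56-bit DES keys gives a 2^56-entry table and about 2^112 trials, which is why the three independent keys do not buy 168 bits against this search.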






Thread