On 24-Sep-08, at 07:33 , Faramir wrote:

Robert J. Hansen wrote:
Faramir wrote:
Ok, let me say something on my behalf: in my experience, when
something doesn't work as well as expected, and people say "well...
let's do it 2 times, that should work", usually that leads to
something that works, but it is not as good as it could be...

False premise. DES works every bit as well as we expect. Even today,
the best attack against DES is brute force.

 I was not intending to say 3DES suffers from that problem. In fact, I
don't have any experience with 3DES, and just about 5 months using gpg. Also, I have said many times I am talking about a "dislike" not based in a rational reason (sorry if I am being redundant there). So probably it
is a mistake to try to explain in a logical way something that is, by
definition, not based on logic. But since maybe I caused a wrong
impression, I will try to clarify a bit my point of view... the rational
one.


Basically DES uses a very strong algorithm that can be readily put into hardware. But it uses a key of 56 bits (8 7-bit ASCII characters for example). This was really hard to brute force in the 1970's, when DES was invented, but not difficult now, with large memories and fast processors (especially purpose-built crackers).

The compromise (since there are a lot of DES hardware encryption tools available) was to use 3 separate 56-bit keys and apply them to the message: (encrypt using key 1) (decrypt using key 2) (encrypt using key 3). This is slow because it is applying the DES algorithm (or its reverse) three times, but it has an effective key length of 112 bits (even though there are 168 key bits) because of a meet in the middle attack against changed algorithms.

So 3DES is used because it is as secure or securer than any other algorithm of 112 bits and has been efficiently implemented in hardware for industrial use. It is slower than algorithms designed for the longer key length like AES (which was also designed so that it can be implemented in hardware fairly readily).

It is probably better to use as few algorithms as possible and to extensively apply cryptanalysis to those few to ensure their reliability. Some algorithms seem to have been mandated by some governments because they may be flawed, but 3DES and AES256 etc. are mandated for U.S. government official use, so the NSA must think they are secure from cryptanalysis by foreign governments. You are far more likely to have your secret message cracked by flaws in the operating system at either end than by breaking of the actual cypher text. Cypher weaknesses are about the bottom of any weakness in cryptography.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
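
Added example, not part of the original message: the meet-in-the-middle search that the reply above cites as the reason three 56-bit keys count as 112 bits rather than 168. It runs against a toy 16-bit-key Feistel cipher (a hypothetical stand-in, not DES; every name and key here is constructed) and shows that two chained keys fall to roughly 2 * 2^16 cipher operations instead of 2^32, which is why doubling adds almost nothing and a third pass is needed.

```python
# Added illustration: a toy 32-bit Feistel cipher with a 16-bit key (NOT DES),
# small enough that the meet-in-the-middle search finishes in about a second.
KEY_BITS = 16
MASK16 = 0xFFFF

def _f(half, key, rnd):
    # Keyed round function; the Feistel structure makes the cipher invertible.
    x = ((half ^ key) + rnd * 0x9E37) & MASK16
    x = (x * 0x2545 + 0x1D) & MASK16
    return x ^ (x >> 7)

def encrypt(block, key):
    l, r = block >> 16, block & MASK16
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def decrypt(block, key):
    l, r = block >> 16, block & MASK16
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Find every (k1, k2) consistent with known (plaintext, ciphertext) pairs.

    Cost is about 2 * 2**KEY_BITS cipher operations plus a 2**KEY_BITS-entry
    table, instead of the 2**(2*KEY_BITS) a naive search of both keys needs.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(1 << KEY_BITS):      # forward half: encrypt P under every k1
        middle.setdefault(encrypt(p0, k1), []).append(k1)
    hits = []
    for k2 in range(1 << KEY_BITS):      # backward half: decrypt C under every k2
        for k1 in middle.get(decrypt(c0, k2), ()):
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                hits.append((k1, k2))    # extra pairs weed out chance matches
    return hits

if __name__ == "__main__":
    K1, K2 = 0xBEEF, 0x1234              # constructed secret keys
    known = [(p, double_encrypt(p, K1, K2)) for p in (0x00000000, 0xCAFEF00D, 0x01234567)]
    print([(hex(a), hex(b)) for a, b in meet_in_the_middle(known)])
```

Scaled to DES, the same table-and-match search costs about 2^57 operations against two keys and about 2^112 against three, which matches the 112-bit figure quoted in the message.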
