On 25-Sep-08, at 01:32 , Robert J. Hansen wrote:
It should be noted the MitM requires more memory than exists in the
world, with more chosen plaintexts than have ever been encrypted
with DES.
If you're assuming the attacker has literally global computational
resources and can make you send petabytes upon petabytes of chosen
plaintexts without you ever changing your encryption key, then yes, it
has an effective 112 bits of entropy. If those assumptions don't
hold,
then you're up to 168 again.
Agreed. A common version of 3DES uses only two keys (E1->D2-E1), with
the same effective key length (112)
But meet in the middle problems explain why there is no 2DES, since
ability to have Rainbow tables for 56 bits allow relatively easy
cracking of second part of chain.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
