Well let's see if I can explain this a little better. How does 3DES
work? Apparently my co-worked took the final encrypted text, XOR'ed it with
the original message and obtained a key. Now he claims that he can decrypt
any message with that key. Now this may be wrong, does it mean he can
decrypt the original message then? I though 3DES was 168-bits strong, but if
the three 56-bit keys are just xor'ed then it doesn't seem to be a linear
encryption.
Also he xor'ed the original message with the final encrypted message,
this produced a key. Now he also xor'ed all three of the des keys together.
When compared the keys were the same. This is strange because it seems to me
then that all you need to know is the x'ored equavalent of all three of the
3des keys. Pretend I have no clue what I'm talking about and try to example
how 3des works ;-) I'm not sure what other information you are looking for.
I'm just asking how the semantics of 3DES work and why it's strong than DES.
I know that is it, but why.
Thanks!
-
Andrew
ActiveSol.net
[EMAIL PROTECTED]
----- Original Message -----
From: "David Tonhofer, m-plify S.A." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Andrew" <[EMAIL PROTECTED]>
Sent: Wednesday, January 09, 2002 12:46 PM
Subject: Re: 3DES-CBC questoins
>
>
> --On Wednesday, January 09, 2002 12:26 PM -0500 Andrew
> <[EMAIL PROTECTED]> wrote:
>
> > A coworked has brought up a question that I cant answer and I am hoping
> > somewhere here could. With 3des you encrypt the data with the first key,
> > decrypt with the second and encrypt with the 3rd to get the encryprted
> > message.
>
> Yes..
>
> > He xor'ed the plain text with the encrypted message and obtained
> > a key.
>
> Well, does this mean that the message was only 56 bit long? As the DES
> stream is essentially random (I think), this would be a way of obtaining a
> random number.
>
> > He then could use that key to decrypt any other message.
>
> What does that mean? He can't.
>
> > Now I
> > know that if you know the plain text than you can get the key but the
> > point was how is 3des any stronger than des if you only need one key to
> > decrypt the message.
>
> You can't. 3DES is definitely stronger.
>
> > Also it appears the key he found was only 56-bits,
> > or maybe this is a mistake. So I guess the question is, if you only need
> > one key to decrypt a 3des encrypted message then how is it strong.
> > Thanks!
> > -
> > Andrew
> > ActiveSol.net
> > [EMAIL PROTECTED]
>
>
> There is not enough information for a meaningful answer...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
