On Wed, 9 Jan 2002, Andrew wrote:

>     Well let's see if I can explain this a little better. How does 3DES
> work? Apparently my co-worker took the final encrypted text, XOR'ed it with
> the original message and obtained a key. Now he claims that he can decrypt
> any message with that key.

Did you ask him to do the show? I doubt he can. Something like this
may happen if:
- using the same key for handling all messages instead of generating
  a fresh random one   and
- using a stream cipher like RC4.

yours,
Vadim

> Now this may be wrong, does it mean he can
> decrypt the original message then? I thought 3DES was 168-bits strong, but if
> the three 56-bit keys are just xor'ed then it doesn't seem to be a linear
> encryption.
>     Also he xor'ed the original message with the final encrypted message,
> this produced a key. Now he also xor'ed all three of the des keys together.
> When compared the keys were the same. This is strange because it seems to me
> then that all you need to know is the x'ored equivalent of all three of the
> 3des keys. Pretend I have no clue what I'm talking about and try to explain
> how 3des works ;-) I'm not sure what other information you are looking for.
> I'm just asking how the semantics of 3DES work and why it's stronger than DES.
> I know that it is, but why.
>
> Thanks!
>
> -
> Andrew
> ActiveSol.net
> [EMAIL PROTECTED]
> ----- Original Message -----
> From: "David Tonhofer, m-plify S.A." <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "Andrew" <[EMAIL PROTECTED]>
> Sent: Wednesday, January 09, 2002 12:46 PM
> Subject: Re: 3DES-CBC questoins
>
>
> >
> >
> > --On Wednesday, January 09, 2002 12:26 PM -0500 Andrew
> > <[EMAIL PROTECTED]> wrote:
> >
> > > A coworker has brought up a question that I can't answer and I am hoping
> > > someone here could. With 3des you encrypt the data with the first key,
> > > decrypt with the second and encrypt with the 3rd to get the encrypted
> > > message.
> >
> > Yes..
> >
> > > He xor'ed the plain text with the encrypted message and obtained
> > > a key.
> >
> > Well, does this mean that the message was only 56 bits long? As the DES
> > stream is essentially random (I think), this would be a way of obtaining a
> > random number.
> >
> > > He then could use that key to decrypt any other message.
> >
> > What does that mean? He can't.
> >
> > > Now I
> > > know that if you know the plain text then you can get the key but the
> > > point was how is 3des any stronger than des if you only need one key to
> > > decrypt the message.
> >
> > You can't. 3DES is definitely stronger.
> >
> > > Also it appears the key he found was only 56-bits,
> > > or maybe this is a mistake. So I guess the question is, if you only need
> > > one key to decrypt a 3des encrypted message then how is it strong.
> > > Thanks!
> > > -
> > > Andrew
> > > ActiveSol.net
> > > [EMAIL PROTECTED]
> >
> >
> > There is not enough information for a meaningful answer...
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
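
The case named in the reply at the top of this message (one key reused for every message, with a stream cipher like RC4), as an added example that is not part of the original thread. The RC4 routine is written out inline, and the function names and sample messages are constructed for illustration.

```python
import os

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4 (key schedule + output loop); first n keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4_encrypt(key: bytes, msg: bytes) -> bytes:
    return xor(msg, rc4_keystream(key, len(msg)))

def recover_keystream(known_plain: bytes, cipher: bytes) -> bytes:
    # plaintext XOR ciphertext gives the keystream, not the cipher key itself
    return xor(known_plain, cipher)

# Constructed sample messages (not from the thread)
KNOWN = b"known message sent earlier today"
SECRET = b"second message, never disclosed"

def demo():
    shared = os.urandom(16)                # one key reused for every message
    c1 = rc4_encrypt(shared, KNOWN)
    c2 = rc4_encrypt(shared, SECRET)
    ks = recover_keystream(KNOWN, c1)      # what the XOR actually yields
    reused = xor(c2, ks)                   # same keystream, so this is SECRET
    c3 = rc4_encrypt(os.urandom(16), SECRET)   # fresh random key per message
    fresh = xor(c3, ks)                    # old keystream no longer matches
    return reused, fresh

if __name__ == "__main__":
    reused, fresh = demo()
    print("key reused:", reused)
    print("fresh key :", fresh.hex())
```
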
