[RC5] Golomb Rulers (was "sexy" projects)
thomas.womack at merton.oxford.ac.uk
Tue Mar 3 23:53:21 EST 1998
> There is no result showing that the security of Triple-DES is any
> greater than DES. As a previous note by myself pointed out, doing
> an attack on an unknown ASCII message requires ~0.3% more effort to
> brute force than to crack a message with known preamble.
> Anthough it has been shown that DES does not have a group structure,
> so Triple-DES is inequivalent to DES, it has not been shown that the
> encryption is any stronger. Further, it is not (currently) thought
> likely that Triple-DES is as strong as its keylength would indicate.
I have a reasonable amateur's knowledge of cryptography, and have not seen
any evidence at all that 3DES is not 112-bit strong.
> Dual-DES has been shown to be equivalent to another encryption
> scheme with 64-bit keys, so it's *very unlikely* that Triple-DES
> gets you more than an equivalent of 72-bits of encryption.
2DES is equivalent in complexity to DES, provided that you have storage for
2^56 blocks (encrypt two known plaintexts with each of the 2^56 possible
keys, sort the list so you can check if a block's in the list in constant
time, decrypt two ciphertexts with each possible key and check if the result
is equal to any of the encrypted plaintexts; total time 2^58 encryptions to
produce the list, 2^58 trial decryptions, for 2^59 work factor). To the best
of my knowledge, there is no quicker attack on it.
> It has been calculated that a direct attack on dedicated hardware
> could for ~US$10,000 break DES in a few minutes.
Not anywhere I've seen; it's almost impossible to get $10,000 worth of
custom-made chips (minimum orders being a lot bigger), and, for an attack to
take 2^9 seconds ('a few minutes'), you need 2^17 250MHz crackers. Not a
$10,000 project by any means.
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest
More information about the rc5