On Tue, 27 Feb 2001 23:38:13 +0100, Rogier Wolff <[EMAIL PROTECTED]> said:
> Still, I remember that using triple-DES with three keys only had a
> complexity on the order of 2^112. No matter what you tried.
>
> Sure you can design super-duper-crypto scheme that uses a gigantic
> key, but as long as the resulting crypto only has 2^56 complexity to
> break, it doesn't have any real advantages over, say, DES.
>
> Anyway, I can't quickly find any hard online references to back this
> up.
I seem to remember Schneier's "Applied Cryptography" discussing this. In any
case, the reason that triple-DES is limited to an *effective* 112 bits
of key is that DES is a "group". To sum up multiple pages of math, this
ends up meaning that although there may be 168 bits of keying material,
there's "duplicate" keys (instead of 2^168 different keys, you actually
have 2^112 groups of 2^56 equivalent keys).
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
PGP signature
