Re: 3DES versus SHA-1

Thu, 11 Jul 2002 18:44:33 -0700 

On Wed, Jul 10, 2002 at 11:48:26PM +0100, Rory wrote:
> > > Which algorithm should I use: 3DES or SHA-1 ?
> >
> > Umm. I don't think they compare... 3DES is a Cipher (Stream Cipher? I
> > don't have my books here) and SHA-1 is a cryptographic one-way hashing
> > algorithm similar to MD5 (but more secure).

Also DES can give you an hash of your message. For example by
append the last computation block in CFB mode

> > 3DES is vulnerable to certain kinds of attacks.. I seem to recall that
> > it's a variant of the meet-in-the-middle attack  (see Applied
> > Cryptography by Menezes et al (which he has for free in PDF on his
> > website))... So maybe you should consider some other encryption
> > algorithm...
> >
> 
> 3DES is pretty solid for the moment,the MITM attack you are talking about
> doesn't really make sense for a cipher I beleive you are getting confused
> with the problem that some protocols that use 3DES (SSL and such). While
> these do suffer from a pretty complicate MITM attack this is not a
> reflection on the security of 3DES at all. DES itself has been broken but
> that was only due to it's short key length and 3DEs does not suffer from
> this problem. There is also the fact the DES has been around for years and
> has been beaten on by some of the best crypto people in the word and has
> come out of it looking pretty good so you know you have a solid cipher.

No, meet-in-the-middle is an attack against 2DES,
man-in-the-middle are totally different thing. 2DES is DES
applied twice with 2 keys. So you have your msg X, your first key
K1 and the second one K2. 

Note: function[key](msg)

    2DES(X) is 
                    DES[K2]( DES[K1](X) ) = Y
    then...
    Inverse_of_DES[K2](Y) = DES[K1](X)
    Suppose you know (X, Y) and want to find the keys (K1, K2).
    Crypt X with all 2^56 K1 possible keys and decrypt Y with
    2^56 K2 keys. Now you can meet-in-the-middle. If consider
    a second couple, we say (X', Y'), can attack the keys more
    quickly. 
 
Indeed, 2DES is not better than DES, even if it has 2^112 keys.
You can break 2DES with 2^56 attempts, the same number of a brute
force against DES

Hope what I've said is clearly, because I'm learning to speak
english

-Roberto

Reply via email to