On Fri, 12 Jul 2002, Roberto Rotta wrote: > On Wed, Jul 10, 2002 at 11:48:26PM +0100, Rory wrote: > > > > Which algorithm should I use: 3DES or SHA-1 ? > > > > > > Umm. I don't think they compare... 3DES is a Cipher (Stream Cipher? I > > > don't have my books here) and SHA-1 is a cryptographic one-way hashing > > > algorithm similar to MD5 (but more secure). > > Also DES can give you an hash of your message. For example by > append the last computation block in CFB mode > > > > 3DES is vulnerable to certain kinds of attacks.. I seem to recall that > > > it's a variant of the meet-in-the-middle attack (see Applied > > > Cryptography by Menezes et al (which he has for free in PDF on his > > > website))... So maybe you should consider some other encryption > > > algorithm... > > > > > > > 3DES is pretty solid for the moment,the MITM attack you are talking about > > doesn't really make sense for a cipher I beleive you are getting confused > > with the problem that some protocols that use 3DES (SSL and such). While > > these do suffer from a pretty complicate MITM attack this is not a > > reflection on the security of 3DES at all. DES itself has been broken but > > that was only due to it's short key length and 3DEs does not suffer from > > this problem. There is also the fact the DES has been around for years and > > has been beaten on by some of the best crypto people in the word and has > > come out of it looking pretty good so you know you have a solid cipher. > > No, meet-in-the-middle is an attack against 2DES, > man-in-the-middle are totally different thing. 2DES is DES > applied twice with 2 keys. So you have your msg X, your first key > K1 and the second one K2. > > Note: function[key](msg) > > 2DES(X) is > DES[K2]( DES[K1](X) ) = Y > then... > Inverse_of_DES[K2](Y) = DES[K1](X) > Suppose you know (X, Y) and want to find the keys (K1, K2). > Crypt X with all 2^56 K1 possible keys and decrypt Y with > 2^56 K2 keys. Now you can meet-in-the-middle. If consider > a second couple, we say (X', Y'), can attack the keys more > quickly. > > Indeed, 2DES is not better than DES, even if it has 2^112 keys. > You can break 2DES with 2^56 attempts, the same number of a brute > force against DES > > Hope what I've said is clearly, because I'm learning to speak > english > ahhh right you are quite correct I just misread you earlier posting, my apologies.
Although 2DES was not being considered here is was 3DES is and it works like so. two keys: K1, K2. DES_encrypt(data, K1) DES_decrypt(data, K2) DES_encrypt(data, K1) Does this suffer from the same weakness you detailed in your above mail ? I can't see how it would but then again thats me :) > -Roberto > -- ----Rory
