On Fri, Jul 12, 2002 at 02:10:08AM +0100, Rory wrote:
> > > 3DES is pretty solid for the moment, the MITM attack you are talking about
> > > doesn't really make sense for a cipher. I believe you are getting confused
> > > with the problem that some protocols that use 3DES (SSL and such). While
> > > these do suffer from a pretty complicated MITM attack this is not a
> > > reflection on the security of 3DES at all. DES itself has been broken but
> > > that was only due to its short key length and 3DES does not suffer from
> > > this problem. There is also the fact that DES has been around for years and
> > > has been beaten on by some of the best crypto people in the world and has
> > > come out of it looking pretty good so you know you have a solid cipher.
> >
> > No, meet-in-the-middle is an attack against 2DES,
> > man-in-the-middle is a totally different thing. 2DES is DES
> > applied twice with 2 keys. So you have your msg X, your first key
> > K1 and the second one K2.
> >
> > Note: function[key](msg)
> >
> >     2DES(X) is
> >                     DES[K2]( DES[K1](X) ) = Y
> >     then...
> >     Inverse_of_DES[K2](Y) = DES[K1](X)
> >     Suppose you know (X, Y) and want to find the keys (K1, K2).
> >     Encrypt X with all 2^56 possible K1 keys and decrypt Y with
> >     2^56 K2 keys. Now you can meet-in-the-middle. If you consider
> >     a second couple, say (X', Y'), you can attack the keys more
> >     quickly.
> >
> > Indeed, 2DES is not better than DES, even if it has 2^112 keys.
> > You can break 2DES with 2^56 attempts, the same number as a brute
> > force against DES.
> >
> > Hope what I've said is clear, because I'm learning to speak
> > English.
> >
> ahhh right you are quite correct I just misread your earlier posting, my
> apologies.

Don't excuse yourself, we are here to discuss. Moreover, it wasn't me...

> Although 2DES was not being considered here, it was 3DES, and
> it works like so.
>
> two keys: K1, K2.
>
> DES_encrypt(data, K1)
> DES_decrypt(data, K2)
> DES_encrypt(data, K1)
>
> Does this suffer from the same weakness you detailed in your
> above mail?

No, it doesn't. This is why DES and 3DES are useful, while 2DES
isn't.

-Roberto
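
The meet-in-the-middle search on double encryption discussed in this thread, as an added example that is not part of the original mails. It assumes a toy 16-bit Feistel cipher with 16-bit keys in place of DES so the search finishes in seconds; the cipher, keys, plaintexts and every function name are constructed for illustration.

```python
from collections import defaultdict

KEY_BITS = 16   # toy key size, standing in for DES's 56 bits
ROUNDS = 4

def _f(half, key, rnd):
    """Round function of the toy Feistel cipher (constructed for this demo, not DES)."""
    k = (key >> (8 * (rnd & 1))) & 0xFF          # alternate the two key bytes
    x = ((half ^ k) * 0x9D + rnd * 0x3B + 0x55) & 0xFF
    return ((x << 3) | (x >> 5)) & 0xFF          # rotate left by 3

def encrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right

def decrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with all known (plaintext, ciphertext) pairs."""
    (x0, y0), rest = pairs[0], pairs[1:]
    middle = defaultdict(list)                   # E[k1](x0) -> all k1 giving that value
    for k1 in range(1 << KEY_BITS):
        middle[encrypt(x0, k1)].append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):
        # D[k2](y0) must equal E[k1](x0) for the right key pair
        for k1 in middle.get(decrypt(y0, k2), ()):
            # extra pairs (the X', Y' of the mail) weed out false matches
            if all(double_encrypt(x, k1, k2) == y for x, y in rest):
                found.append((k1, k2))
    return found

if __name__ == "__main__":
    k1, k2 = 0x3A7C, 0xC15E                      # constructed secret keys
    pairs = [(x, double_encrypt(x, k1, k2)) for x in (0x0123, 0x4567, 0x89AB)]
    found = meet_in_the_middle(pairs)
    print(f"{len(found)} candidate(s); true keys recovered: {(k1, k2) in found}")
```

The search runs 2^16 encryptions and 2^16 decryptions plus the candidate checks, instead of the 2^32 trials a naive search over both keys would need; the price is a table holding one entry per K1.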
