OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: q&d comparison (was Re: [Cryptix-Users] Rijndael - the real work now begins)
From: Ben Laurie (benalgroup.co.uk)
Date: Sun Oct 08 2000 - 15:59:12 CDT

Ian Goldberg wrote:
>
> In article <39E0BA91.7339B2B7algroup.co.uk>,
> Ben Laurie <benalgroup.co.uk> wrote:
> >Ian Grigg wrote:
> >> On the amount of entropy, well, I'd leave that to a cryptographer,
> >> other than the observation that Rijndael has 128, 192, 256 bit keys,
> >> whilst DES has 56 bits and T-DES has 168 (full).
> >
> >Nnng. I know you know this, but the triple DES key is only worth 112
> >bits. Which is why there is no double DES.
>
> What do you mean, "worth"? While it's true the meet-in-the-middle attack
> for 3-key 3DES has *time* complexity 2^112, it also has *space*
> complexity 2^56 blocks. That's half an exabyte.

Admittedly, this is a large space complexity. However, I'm assuming that
if you've got 2^112 time, you think that 2^56 space is a walk in the
park.

> The AES competition has warped our ideas of reasonable attacks somewhat.
> Valid attacks were of the form "guess 248 bits of the key, and deduce
> the last 8."

That's a sweet idea, but I deny being susceptible.

> We have a similar problem with RSA; the current factoring algorithms
> require a lot of memory, not just a lot of time, to perform the final
> steps of the calculation.

Interesting point. The snag with getting this right, I guess, is
predicting the future evolution of storage size and speed, as well as
CPU speed. It might be fun to plot the landscape...

Cheers,

Ben. 

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/