Robert J. Hansen
rjh at sixdemonbag.org
Thu Sep 25 07:32:01 CEST 2008
Bill Royds wrote:
> three times, but it has an effective key length of 112 bits (even though
> there are 168 key bits) because of a meet in the middle attack against
> changed algorithms.
It should be noted the MitM requires more memory than exists in the
world, with more chosen plaintexts than have ever been encrypted with DES.
If you're assuming the attacker has literally global computational
resources and can make you send petabytes upon petabytes of chosen
plaintexts without you ever changing your encryption key, then yes, it
has an effective 112 bits of entropy. If those assumptions don't hold,
then you're up to 168 again.
More information about the Gnupg-users