Changing preferences
Bill Royds
apple at royds.net
Thu Sep 25 06:47:57 CEST 2008
On 24-Sep-08, at 07:33 , Faramir wrote:
> Robert J. Hansen wrote:
>> Faramir wrote:
>>> Ok, let me say something on my behalf: in my experience, when
>>> something doesn't work as well as expected, and people say "well...
>>> let's do it 2 times, that should work", usually that leads to
>>> something that works, but it is not as good as it could be...
>>
>> False premise. DES works every bit as well as we expect. Even today,
>> the best attack against DES is brute force.
>
> I was not intending to say 3DES suffers from that problem. In fact, I
> don't have any experience with 3DES, and just about 5 months using gpg.
> Also, I have said many times I am talking about a "dislike" not based in
> a rational reason (sorry if I am being redundant there). So probably it
> is a mistake to try to explain in a logical way something that is, by
> definition, not based on logic. But since maybe I caused a wrong
> impression, I will try to clarify a bit my point of view... the rational
> one.

Basically DES uses a very strong algorithm that can be readily put
into hardware. But it uses a key of 56 bits (8 7-bit ASCII characters
for example). This was really hard to brute force in the 1970's, when
DES was invented, but not difficult now, with large memories and fast
processors (especially purpose-built crackers).

The compromise (since there are a lot of DES hardware encryption tools
available) was to use 3 separate 56 bit keys and apply them to the
message: (encrypt using key 1) (decrypt using key 2) (encrypt using key
3). This is slow because it is applying the DES algorithm (or its
reverse) three times, but it has an effective key length of 112 bits
(even though there are 168 key bits) because of a meet-in-the-middle
attack against changed algorithms.

So 3DES is used because it is as secure or securer than any other
algorithm of 112 bits and has been efficiently implemented in hardware
for industrial use. It is slower than algorithms designed for the
longer key length like AES (which was also designed so that it can be
implemented in hardware fairly readily).

It is probably better to use as few algorithms as possible and to
extensively apply cryptanalysis to those few to ensure their
reliability. Some algorithms seem to have been mandated by some
governments because they may be flawed but 3DES and AES256 etc. are
mandated for U.S. government official use, so the NSA must think
they are secure from cryptanalysis by foreign governments. You are
far more likely to have your secret message cracked by flaws in the
operating system at either end than by breaking of the actual cypher
text. Cypher weaknesses are about the bottom of any weakness in
cryptography.
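
The gap between 168 key bits and 112 effective bits mentioned in the message can be checked on a scaled-down model. This is an added example, not part of the original post: a toy 32-bit Feistel cipher with 8-bit keys stands in for DES (the cipher, its constants, the key and the plaintexts are all constructed here), and a meet-in-the-middle search over encrypt-decrypt-encrypt with three keys needs about 2^16 guesses instead of 2^24.

```python
# Toy model only: a 32-bit Feistel cipher with 8-bit keys stands in for DES.
# Cipher, constants, keys and plaintexts are constructed for this example.
KEY_BITS = 8
KEYS = range(1 << KEY_BITS)
MASK16 = 0xFFFF

def _f(half, key, rnd):
    x = (half ^ (key * 0x0101) ^ (rnd * 0x3C3C)) & MASK16
    x = (x * 0x9E37 + 0x79B9) & MASK16
    return x ^ (x >> 7)

def encrypt(key, block):
    left, right = block >> 16, block & MASK16
    for rnd in range(4):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 16) | right

def decrypt(key, block):
    left, right = block >> 16, block & MASK16
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 16) | right

def ede3_encrypt(keys, block):
    k1, k2, k3 = keys
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))

def meet_in_the_middle(pairs):
    """Return (candidate key triples, number of key guesses tried)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                      # E_k1(P) -> [k1, ...]: 2^8 entries
    for k1 in KEYS:
        table.setdefault(encrypt(k1, p0), []).append(k1)
    work, candidates = len(KEYS), []
    for k3 in KEYS:                 # walk back from the ciphertext: 2^16 guesses
        after_d3 = decrypt(k3, c0)
        for k2 in KEYS:
            work += 1
            for k1 in table.get(encrypt(k2, after_d3), ()):
                keys = (k1, k2, k3)
                if all(ede3_encrypt(keys, p) == c for p, c in rest):
                    candidates.append(keys)
    return candidates, work

TRUE_KEY = (0x3A, 0xC5, 0x7E)       # 24 key bits in total
PAIRS = [(p, ede3_encrypt(TRUE_KEY, p)) for p in (0x01234567, 0x89ABCDEF)]

if __name__ == "__main__":
    found, work = meet_in_the_middle(PAIRS)
    print(f"candidates={found} guesses={work} (2^8 + 2^16) vs 2^24 exhaustive")
```

Scaled back up to 56-bit DES keys, the same split gives a table of about 2^56 entries and about 2^112 guesses, which is where the 112-bit figure comes from.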