apple at royds.net
Thu Sep 25 19:46:42 CEST 2008
On 25-Sep-08, at 01:32 , Robert J. Hansen wrote:
> It should be noted the MitM requires more memory than exists in the
> world, with more chosen plaintexts than have ever been encrypted
> with DES.
> If you're assuming the attacker has literally global computational
> resources and can make you send petabytes upon petabytes of chosen
> plaintexts without you ever changing your encryption key, then yes, it
> has an effective 112 bits of entropy. If those assumptions don't
> then you're up to 168 again.
Agreed. A common version of 3DES uses only two keys (E1->D2-E1), with
the same effective key length (112)
But meet in the middle problems explain why there is no 2DES, since
ability to have Rainbow tables for 56 bits allow relatively easy
cracking of second part of chain.
More information about the Gnupg-users