OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: q&d comparison (was Re: [Cryptix-Users] Rijndael - the real work now begins)
From: Ian Goldberg (iangCS.Berkeley.EDU)
Date: Sun Oct 08 2000 - 14:16:31 CDT

In article <39E0BA91.7339B2B7algroup.co.uk>,
Ben Laurie <benalgroup.co.uk> wrote:
>Ian Grigg wrote:
>> On the amount of entropy, well, I'd leave that to a cryptographer,
>> other than the observation that Rijndael has 128, 192, 256 bit keys,
>> whilst DES has 56 bits and T-DES has 168 (full).
>
>Nnng. I know you know this, but the triple DES key is only worth 112
>bits. Which is why there is no double DES.

What do you mean, "worth"? While it's true the meet-in-the-middle attack
for 3-key 3DES has *time* complexity 2^112, it also has *space*
complexity 2^56 blocks. That's half an exabyte.

The AES competition has warped our ideas of reasonable attacks somewhat.
Valid attacks were of the form "guess 248 bits of the key, and deduce
the last 8."

We have a similar problem with RSA; the current factoring algorithms
require a lot of memory, not just a lot of time, to perform the final
steps of the calculation.

   - Ian