On Thu, Mar 14, 2002 at 04:23:11AM -0700, John R. Shannon wrote:
> AES and DES are compared on this AES fact sheet:
>
> http://csrc.nist.gov/encryption/aes/aesfact.html
>
> The problem with DES is that it's 56 bit key, which was adequate in the 70s,
> can be discovered by exhaustive keysearch.
>
> 3DES attacks this by applying DES 3 times: encrypt with 1 key, decrypt with a
> second, and encrypt with a third.

That depends. Many 3DES implementations encrypt with key 1, decrypt
with key 2, and encrypt with key 1 again. This is because,

> The best known attack on 3DES is O(2^108)
> operations with something like 2^64 storage.

You still get the same effective key length as you do by using three
separate keys. The attack on the three separate keys basically reduces
the problem two two keys, so why not just use two keys (the reduced
problem) in the first place?

-- 
Crist J. Clark                     |     cjclarkalum.mit.edu
                                   |     cjclarkjhu.edu
http://people.freebsd.org/~cjc/    |     cjcfreebsd.org
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]