[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 3DES keys
>
> Could someone post the location of the paper or argument which says that
> 3DES with 2 keys is no better than DES? Are 3 keys any better? What is
> the current analysis?
>
I'm not aware of any paper which says ``two-key 3DES is no stronger than
DES''. If you know of any, I'd love to hear of it.
There are two papers which have described attacks on two-key 3DES which
don't apply to three-key 3DES. You get to decide whether they worry you;
certainly they're not practical right now.
The first paper was (I think) by Hellman; he described an attack on two-key
3DES which needs 2^56 chosen plaintexts. He called this a certificational
weakness. Unfortunately, I can't seem to find the reference for this
right now..
A more recent known plaintext attack was described by Wiener & van Oorschot.
Here's a reference:
@InProceedings{OorschotWi91,
author = "P. C. van Oorschot and M. J. Wiener",
year = "1991",
title = "A Known-plaintext attack on two-key triple
encryption",
booktitle = "Advances in Cryptology --- Eurocrypt '90",
editor = "I. B. Damg{\aa}rd",
pages = "318--325",
publisher = "Springer-Verlag",
address = "Berlin",
}
References:
- Re: 3DES keys
- From: "William Allen Simpson" <bsimpson@morningstar.com>