[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DES <weak> key list?
Date: Wed, 10 Sep 1997 10:37:17 -0400
From: Steven Bellovin <smb@research.att.com>
I confess that I'm not worried about the possibility of a weak key being
chosen at random. Even if one is, so what? The problem with a weak key
is that double-encryption with it yields the original plaintext. We're
not double-encrypting in general; if there are two independent layers of
encryption, the odds on hitting a weak key in both is about 1 in 2^108.
I'll take my chances...
It's even better than that. Given that we're using CBC, you'd have to
doubly encrypt with the same IV, and the odds that they would be the
same make the probability of lossage even lower.
It's really not clear this is worth us worrying about it...
- Ted
Follow-Ups:
References: