[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DES <weak> key list?
It's my impression that Bruce Schneier has the same opinion. I suggest we
pull the text from all three places.
At 02:53 PM 9/10/97 -0400, you wrote:
> Date: Wed, 10 Sep 1997 10:37:17 -0400
> From: Steven Bellovin <smb@research.att.com>
>
> I confess that I'm not worried about the possibility of a weak key being
> chosen at random. Even if one is, so what? The problem with a weak key
> is that double-encryption with it yields the original plaintext. We're
> not double-encrypting in general; if there are two independent layers of
> encryption, the odds on hitting a weak key in both is about 1 in 2^108.
> I'll take my chances...
>
>It's even better than that. Given that we're using CBC, you'd have to
>doubly encrypt with the same IV, and the odds that they would be the
>same make the probability of lossage even lower.
>
>It's really not clear this is worth us worrying about it...
>
> - Ted
>
>
References: