Date: Thu, 14 Mar 2002 13:58:15 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: "John R. Shannon" <john@johnrshannon.com> Cc: jack xiao <jack_xiao99@hotmail.com>, freebsd-security@FreeBSD.ORG Subject: Re: AES Message-ID: <20020314135815.H29705@blossom.cjclark.org> In-Reply-To: <200203141123.g2EBNB7e006688@pablo.johnrshannon.com>; from john@johnrshannon.com on Thu, Mar 14, 2002 at 04:23:11AM -0700 References: <OE49JNoEl4jksr6UrKl000037bf@hotmail.com> <200203141123.g2EBNB7e006688@pablo.johnrshannon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 14, 2002 at 04:23:11AM -0700, John R. Shannon wrote: > AES and DES are compared on this AES fact sheet: > > http://csrc.nist.gov/encryption/aes/aesfact.html > > The problem with DES is that it's 56 bit key, which was adequate in the 70s, > can be discovered by exhaustive keysearch. > > 3DES attacks this by applying DES 3 times: encrypt with 1 key, decrypt with a > second, and encrypt with a third. That depends. Many 3DES implementations encrypt with key 1, decrypt with key 2, and encrypt with key 1 again. This is because, > The best known attack on 3DES is O(2^108) > operations with something like 2^64 storage. You still get the same effective key length as you do by using three separate keys. The attack on the three separate keys basically reduces the problem two two keys, so why not just use two keys (the reduced problem) in the first place? -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020314135815.H29705>