From: "Crist J. Clark"
To: "John R. Shannon"
Cc: jack xiao, freebsd-security@FreeBSD.ORG
Date: Thu, 14 Mar 2002 13:58:15 -0800
Subject: Re: AES
Message-ID: <20020314135815.H29705@blossom.cjclark.org>
In-Reply-To: <200203141123.g2EBNB7e006688@pablo.johnrshannon.com>

On Thu, Mar 14, 2002 at 04:23:11AM -0700, John R. Shannon wrote:
> AES and DES are compared on this AES fact sheet:
>
> http://csrc.nist.gov/encryption/aes/aesfact.html
>
> The problem with DES is that its 56 bit key, which was adequate in the 70s,
> can be discovered by exhaustive keysearch.
>
> 3DES attacks this by applying DES 3 times: encrypt with 1 key, decrypt with a
> second, and encrypt with a third.

That depends. Many 3DES implementations encrypt with key 1, decrypt
with key 2, and encrypt with key 1 again. This is because,

> The best known attack on 3DES is O(2^108)
> operations with something like 2^64 storage.

You still get the same effective key length as you do by using three
separate keys. The attack on the three separate keys basically reduces
the problem to two keys, so why not just use two keys (the reduced
problem) in the first place?
-- 
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
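
The argument above, as an added example that is not part of the original message: a meet-in-the-middle key search against encrypt-decrypt-encrypt with three independent keys costs about as much as searching two keys. The 16-bit Feistel cipher with 8-bit keys, the sample keys and all function names are constructed for illustration (DES itself is not used), and meet-in-the-middle is assumed to be the kind of attack the message refers to.

```python
from collections import defaultdict

KEYS, ROUNDS = 256, 4   # toy 8-bit key space (DES has 2**56 keys)

def _f(half, key, rnd):
    # Round function of the constructed toy cipher (not DES).
    rk = (key * (2 * rnd + 3) + 0x3B * rnd) & 0xFF
    return pow((half ^ rk) + 1, 3, 257) & 0xFF

def enc(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def dec(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def ede3(p, k1, k2, k3):
    # Encrypt-decrypt-encrypt, as in 3DES; the two-key form sets k3 = k1.
    return enc(dec(enc(p, k1), k2), k3)

def meet_in_the_middle(pairs):
    """Recover (k1, k2, k3) from known plaintext/ciphertext pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0
    last = defaultdict(list)   # value just before the final E -> k3
    for k3 in range(KEYS):
        last[dec(c0, k3)].append(k3)
        ops += 1
    found = []
    for k1 in range(KEYS):
        x = enc(p0, k1)
        ops += 1
        for k2 in range(KEYS):
            ops += 1
            for k3 in last.get(dec(x, k2), ()):
                ops += 3 * len(rest)   # upper bound on verification cost
                if all(ede3(p, k1, k2, k3) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, ops

SECRET = (0x3A, 0xC5, 0x7E)   # constructed sample keys
PAIRS = [(p, ede3(p, *SECRET)) for p in (0x1234, 0xBEEF, 0x0F0F)]
if __name__ == "__main__":
    print(meet_in_the_middle(PAIRS), "vs", KEYS ** 3, "keys by brute force")
```

The dominant cost is the double loop over `k1` and `k2`, so the third independent key adds only a table of `KEYS` entries rather than another factor of `KEYS` in work.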