"Warning: You can use SSL encryption in combination with another Oracle
Advanced Security authentication method. When you do this, you must
disable any non-SSL encryption to comply with government regulations
prohibiting double encryption."
Since when is it illegal to double encrypt in the US? I don't believe
this is true.
Nor do I,
Triple-Des is allowed, so this is just wrong. :)
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
- Adam
"Crypto-Boy" <crypt...@my-deja.com> wrote in message
news:8hrbrf$a5b$1...@nnrp1.deja.com...
> On page 10-10 and 10-14 of the Oracle Advanced Security Administrator's
> Guide (from release 8.1.6 December 1999), it says the following (in bold
> no less):
>
> "Warning: You can use SSL encryption in combination with another Oracle
> Advanced Security authentication method. When you do this, you must
> disable any non-SSL encryption to comply with government regulations
> prohibiting double encryption."
>
> Since when is it illegal to double encrypt in the US? I don't believe
> this is true.
>
This is to make it still breakable. All the noise about unregulated
domestic crypto seems to justify you doing just about anything crypto you
want to.
Regulations can be mere whims, expressive of wishful thinking; government
regulations are often written to make things convenient for the
government. Good regulations make good sense, but government does not
have a right to get everything it wants at the expense of needed security
of the public; your business may be none of theirs.
--
If you wonder worry about the future enough to adversely limit
yourself in the present, you are a slave to those who sell security.
Obviously, the author does...
--
Tyranny is kept at bay by guns and will. Our government
knows we have the guns, but they don't know if we have
the will. Nor do we.
The only lawful gun law on the books- the second amendment.
It isn't and it never has been.
Clearly the author of that statement is very confused.
If they were talking about non-US applications (more so in
the past than currently) that might be different, but in
that case a warning wouldn't have been sufficient.
paul
They can't *prove* you used the algorithm on a piece of data
twice without brute-forcing double the key-space of the
encrypting algorithm.
Like I said - Pointless
They can look at your source code.
miguel
not really, you don't change the source you just run it
twice.
I heard that something like above 128 bit encryption is illegal. I
read it from some reliable source, but don't remember where. So the
statement sounds right to me.
I am not sure why this law exists, but to the best of my knowledge there is
a maximum level of encryption that is legal. Maybe it's so that if
terrorists transfer messages, government should be able to use the
messages in court. If it takes a few years to break the code, then
it's ok. But if it takes a million years, as in 256 bit encryption,
then there is no way to decode the message.
Contact your lawyer if you plan to release software that is going to
use this type of encryption. If you are doing this to send messages
between yourself and your girlfriend, so that your wife can't break the
code, I don't think that you will get arrested.
Crypto-Boy wrote:
>
> On page 10-10 and 10-14 of the Oracle Advanced Security Administrator's
> Guide (from release 8.1.6 December 1999), it says the following (in bold
> no less):
>
> "Warning: You can use SSL encryption in combination with another Oracle
> Advanced Security authentication method. When you do this, you must
> disable any non-SSL encryption to comply with government regulations
> prohibiting double encryption."
>
> Since when is it illegal to double encrypt in the US? I don't believe
> this is true.
it is not true ...
All of the limits on cypher strength that I've heard of pertain to exported
products. Anyway, how can a cryptanalyst deduce what the key length was, given
only cyphertext?
----------------------------------------------------------------------------------------
If it's spam, it's a scam. Don't do business with Net abusers.
--
OdRPT
Crypto-Boy <crypt...@my-deja.com> wrote in message
news:8hrbrf$a5b$1...@nnrp1.deja.com...
> On page 10-10 and 10-14 of the Oracle Advanced Security Administrator's
> Guide (from release 8.1.6 December 1999), it says the following (in bold
> no less):
>
> "Warning: You can use SSL encryption in combination with another Oracle
> Advanced Security authentication method. When you do this, you must
> disable any non-SSL encryption to comply with government regulations
> prohibiting double encryption."
>
> Since when is it illegal to double encrypt in the US? I don't believe
> this is true.
>
>
PRdO wrote:
>
> IMHO double encryption *does not* add security, i.e., double encryption in
> 128-bit doesn't equal better encryption.
> (since encryption uses random keys, "randoming" again the data would not
> lead to more secure data).
If you have an algorithm that does a perfect job (do
you happen to have one?), then there is by definition
nothing to improve. Otherwise, multiple encryption may
help, if done properly.
M. K. Shen
Wrong. If different keys are used for the two encryptions, the
result is usually harder for an eavesdropper to crack than if
just one of the two encryptions had been used. There is no
randomness involved in either encryption.
Tom St Denis wrote:
>
> Mok-Kong Shen <mok-ko...@t-online.de> wrote:
> >
> >
> > PRdO wrote:
> > >
> > > IMHO double encryption *does not* add security, i.e., double encryption in
> > > 128-bit doesn't equal better encryption.
> > > (since encryption uses random keys, "randoming" again the data would not
> > > lead to more secure data).
> >
> > If you have an algorithm that does a perfect job (do
> > you happen to have one?), then there is by definition
> > nothing to improve. Otherwise, multiple encryption may
> > help, if done properly.
>
> Ah but double encryption is not the way to go about it.
>
You meant it should be triple, like 3-DES??
M. K. Shen
>IMHO double encryption *does not* add security, i.e., double encryption in
>128-bit doesn't equal better encryption.
>(since encryption uses random keys, "randoming" again the data would not
>lead to more secure data).
It might. A) it removes the structure in the "cleartext" of the top
layer for finding the key with exhaustive search. B) It makes the
strength at least equal to that of the strongest of the two encryption
schemes. Of course these comments are not absolute. For example a double
encryption scheme in which one used say DES in one round and DES inverse
in the next round with the same key is nowhere near as strong as any one
of those two rounds:-)
But for example DES applied to ROT13 is certainly stronger than ROT13.
Thus if one of the schemes is suddenly broken, double encryption still
protects the contents with the other scheme.
When a person uses 3-DES, they are single encrypting with 3-DES. An
algorithm can be made of any combination of steps. When two or more
pieces are combined, the result is one piece. Consider that such a
request, regulation, standard, whim, or pipe dream to limit so called
double encryption is a fog to confuse wherever possible; ambiguity shows
dualism of purpose.
--
Rats! (What Gov. Bush is apt to say the morning after the election)
Read my message. Geez. I said "double" encryption is not the way to
go about added security.
Tom St Denis wrote:
>
> pau...@saafNOSPAM.se (Paul Schlyter) wrote:
> > So you're claiming that triple-DES is no more secure than single-DES ???
>
> Read my message. Geez. I said "double" encryption is not the way to
> go about added security.
Could you be more explicit and explain why? Are you
saying that superencipherment is always nonsense?
Is 2-DES not better than DES?
M. K. Shen
wtshaw wrote:
>
> <mok-ko...@t-online.de> wrote:
> ...
> > You meant it should be triple, like 3-DES??
>
> When a person uses 3-DES, they are single encrypting with 3-DES. An
> algorithm can be made of any combination of steps. When two or more
> pieces are combined, the result is one piece. Consider that such a
> request, regulation, standard, whim, or pipe dream to limit so called
> double encryption is a fog to confuse wherever possible; ambiguity shows
> dualism of purpose.
Ah, I understand. In your definition there is never
any multiple encryption and a superencipherment is
simply a single (big) encipherment, there being
(presumably in your view) no need to mention that the
whole is made of certain (in general) different
components. I don't partake your viewpoint. For the
components can, and are in fact commonly, used and
evaluated singly. It is the art of combination that
is of interest in a multiple encryption. We need to
know (to emphasize) what the components are and how
they get combined.
M. K. Shen
Given sufficient memory 2-des is not better than des.
Tom St Denis wrote:
>
> Mok-Kong Shen <mok-ko...@t-online.de> wrote:
> >
> >
> > Tom St Denis wrote:
> > >
> > > pau...@saafNOSPAM.se (Paul Schlyter) wrote:
> >
> > > > So you're claiming that triple-DES is no more secure than single-DES ???
> > >
> > > Read my message. Geez. I said "double" encryption is not the way to
> > > go about added security.
> >
> > Could you be more explicit and explain why? Are you
> > saying that superencipherment is always nonsense?
> > Is 2-DES not better than DES?
>
> Given sufficient memory 2-des is not better than des.
Please explain your claim or refer to literature.
M. K. Shen
> In article <jgfunj-1609...@dial-245-138.itexas.net>,
> wtshaw <jgf...@vgrknf.arg> wrote:
> >
> > When a person uses 3-DES, they are single encrypting with 3-DES.
>
> FYI: 3-DES consists of three rounds of DES, using two or three
> different keys.
That is the definition of a newer algorithm than just plain DES. It is not DES.
>
> > An algorithm can be made of any combination of steps. When two or more
> > pieces are combined, the result is one piece. Consider that such a
> > request, regulation, standard, whim, or pipe dream to limit so called
> > double encryption is a fog to confuse wherever possible; ambiguity shows
> > dualism of purpose.
>
> Nonsense! Calling the use of two encryptions in succession "double
> encryption", or three encryptions in succession "triple encryption"
> is a correct description of the procedure.
The procedure is surely part of the algorithm. The question originally
dealt with a legality. Lawyers tend to try to remake the world in their
own image, as they like to define arbitrarily what they want. I am saying
that that is not reasonable in this case. There are other aspects in
crypto where uneducated druthers don't make sense.
>
> However, "double encryption" or "triple encryption" is not always more
> secure than "single encryption". Consider for instance the good ol'
> Caesar cipher: double-Caesar or triple-Caesar will be no more secure
> than single-Caesar. But triple-DES will be more secure than single-DES.
>
Some algorithms tend to turn quickly in upon themselves when so utilized.
> Ah, I understand. In your definition there is never
> any multiple encryption and a superencipherment is
> simply a single (big) encipherment, there being
> (presumably in your view) no need to mention that the
> whole is made of certain (in general) different
> components. I don't partake your viewpoint. For the
> components can, and are in fact commonly, used and
> evaluated singly. It is the art of combination that
> is of interest in a multiple encryption. We need to
> know (to emphasize) what the components are and how
> they get combined.
>
> M. K. Shen
Yes, that is a scientific question, and I have no quibble with such. The
legal parry is something else.
That is the reason why people use 3DES, and never 2DES.
Well this has been explained, for example, in Bruce Schneier's
Applied Crypto. At least I think so ;-), I don't have it at
hand in the moment. There is an attack which requires masses
of memory, but then you can attack 2DES by attacking it from
both ends (meet-in-the-middle-attack).
It is also explained in my other crypto book, "Abenteuer
Kryptologie" (Adventure Cryptology), by Reinhard Wobst,
Addison Wesley, ISBN 3-8273-1413-5, page 192ff.
I think every not too short book which discusses DES would
contain this proof.
He said that applying Caesar cipher twice does not enhance security. He
was correct in that statement.
--
If children don't know why their grandparents did what they
did, shall those children know what is worth preserving and what
should change?
Runu Knips wrote:
>
> Mok-Kong Shen wrote:
> > Tom St Denis wrote:
> > > Mok-Kong Shen <mok-ko...@t-online.de> wrote:
> > > > Tom St Denis wrote:
> > > > > pau...@saafNOSPAM.se (Paul Schlyter) wrote:
> > > >
> > > > > > So you're claiming that triple-DES is no more secure than single-DES ???
> > > > >
> > > > > Read my message. Geez. I said "double" encryption is not the way to
> > > > > go about added security.
> > > >
> > > > Could you be more explicit and explain why? Are you
> > > > saying that superencipherment is always nonsense?
> > > > Is 2-DES not better than DES?
> > >
> > > Given sufficient memory 2-des is not better than des.
> >
> > Please explain your claim or refer to literature.
>
> That is the reason why people use 3DES, and never 2DES.
>
> Well this has been explained, for example, in Bruce Schneier's
> Applied Crypto. At least I think so ;-), I don't have it at
> hand in the moment. There is an attack which requires masses
> of memory, but then you can attack 2DES by attacking it from
> both ends (meet-in-the-middle-attack).
Do you really mean that a 2-DES (with two independent
keys) is not an iota stronger than DES??
>
> It is also explained in my other crypto book, "Abenteuer
> Kryptologie" (Adventure Cryptology), by Reinhard Wobst,
> Addison Wesley, ISBN 3-8273-1413-5, page 192ff.
It is strange that I found p.192 of this book (1997
edition) deals with RC5 and not DES or 2-DES. I suppose
you erred. Could you give the correct page number?
M. K. Shen
>He said that applying Caesar cipher twice does not enhance security. He
>was correct in that statement.
That may be, but that was not the statement quoted and contradicted.
Essentially, the case where multiple encryption would do nothing is if
the cipher were a *group*: that is, there existed a key k3 such that
for any keys k1 and k2, E(E(x,k1),k2) = E(x,k3); that is, there would
exist a key, even if it was hard to find, for any two other keys such
that encrypting with that key would be the same as encrypting twice,
with those two other keys in order.
That's true for the Caesar cipher, but it certainly isn't true for the
AES candidates.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
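The closure property described in the post above can be checked exhaustively on small ciphers. The following is an added example, not part of the original thread: it tests whether E(E(x,k1),k2) always equals E(x,k3) for some single key k3, first for the Caesar cipher and then for a hypothetical 4-bit toy cipher (`toy`, with a substitution table constructed for this example) that stands in for a non-group cipher.

```python
from itertools import product

# Fixed 4-bit substitution table, constructed for this example (an assumption,
# not a cipher discussed in the thread). It is a permutation of 0..15.
SBOX = (0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2)

def caesar(k):
    """Caesar cipher with shift k, as a full mapping over a 26-letter alphabet."""
    return tuple((x + k) % 26 for x in range(26))

def toy(k):
    """Toy cipher E(x, k) = SBOX[x XOR k] over 4-bit blocks."""
    return tuple(SBOX[x ^ k] for x in range(16))

def compose(first, second):
    """Mapping for double encryption: apply `first`, then `second`."""
    return tuple(second[y] for y in first)

def closure_report(cipher, keys):
    """Return (fraction of key pairs whose double encryption equals some
    single-key encryption, number of distinct double-encryption mappings)."""
    single = {cipher(k) for k in keys}
    doubles = [compose(cipher(k1), cipher(k2)) for k1, k2 in product(keys, repeat=2)]
    closed = sum(d in single for d in doubles)
    return closed / len(doubles), len(set(doubles))

def find_equivalent_key(k1, k2):
    """For Caesar, return the single key k3 with E(E(x,k1),k2) = E(x,k3)."""
    target = compose(caesar(k1), caesar(k2))
    return next(k3 for k3 in range(26) if caesar(k3) == target)

if __name__ == "__main__":
    print("caesar:", closure_report(caesar, range(26)))
    print("toy   :", closure_report(toy, range(16)))
    print("caesar k1=5, k2=9 is the same as k3 =", find_equivalent_key(5, 9))
```

For the Caesar cipher every pair of keys collapses to one key, so double encryption leaves the number of possible mappings at 26; for the toy cipher no pair does.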
You mean I shouldn't be applying ROT-13 twice? Several experts have
told me that applying ROT-13 twice is *so* secure that an attacker
with infinite resources can't even tell what algorithm I used...
Hmm I have the 2nd edition, it is on page 192 there, in
the chapter "5.2.1 Triple-DES".
WARNING: the following is GERMAN. Translating it would
require too much time and maybe lose details.
[Translated from the German:]
"There is a method for cryptanalyzing double encryption.
It is a combination of brute force and a known-plaintext
attack. The cryptanalyst places himself, so to speak,
in the middle between the two encryptions. On the
one side he enciphers the known plaintext with all
keys, on the other he deciphers the ciphertext, and
in the middle the two results should match."
[...]
"In principle, just two plaintext-ciphertext block pairs suffice for
this attack. The idea is very simple:
Let a plaintext block P and the corresponding ciphertext
C be known, produced by the double encryption:
C = DES(K, DES(K', P))
We now encipher P with all possible keys K' and
store the results. Then we decipher C with
all possible keys K and check whether the
decryption occurs among the generated ciphertexts. If so,
we then test the two keys K and K' on a second
pair. If K and K' pass this test, then they are quite
probably the correct keys. We can now
carry out further, more elaborate tests."
[...]
Of course, this attack requires masses of memory, which are
not available today, but this theoretical weakness is enough
that people prefer to use 3DES, instead of 2DES.
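The procedure quoted in the post above, as an added worked example that is not part of the original thread: a meet-in-the-middle search against double encryption C = E(K, E(K', P)). The cipher here is a hypothetical 16-bit toy Feistel network with 10-bit keys (an assumption that stands in for DES so the search finishes instantly); the keys and plaintexts are constructed sample values.

```python
from collections import defaultdict

KEY_BITS = 10   # toy key size (assumption); DES would be 56
ROUNDS = 4

def _f(half, key, rnd):
    # Toy 8-bit round function standing in for the DES round function.
    x = (half + (key >> rnd) + 0x3B * rnd) & 0xFF
    return ((x * 0x6D) ^ (x >> 3)) & 0xFF

def encrypt(block, key):
    """Encrypt one 16-bit block with the toy Feistel cipher."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right

def decrypt(block, key):
    """Invert encrypt() by running the rounds backwards."""
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right

def double_encrypt(block, k_inner, k_outer):
    """C = E(K, E(K', P)) with K' = k_inner and K = k_outer."""
    return encrypt(encrypt(block, k_inner), k_outer)

def recover_keys(pairs):
    """Return all (k_inner, k_outer) consistent with the known pairs.

    Cost: 2 * 2**KEY_BITS cipher calls plus a table of 2**KEY_BITS entries,
    instead of the 2**(2*KEY_BITS) trials a naive search over both keys needs.
    """
    (p1, c1), rest = pairs[0], pairs[1:]
    # Forward half: encrypt P under every inner key, index by middle value.
    table = defaultdict(list)
    for k_inner in range(1 << KEY_BITS):
        table[encrypt(p1, k_inner)].append(k_inner)
    # Backward half: decrypt C under every outer key and look for a match.
    hits = []
    for k_outer in range(1 << KEY_BITS):
        middle = decrypt(c1, k_outer)
        for k_inner in table.get(middle, ()):
            # Weed out chance matches using the remaining known pairs.
            if all(double_encrypt(p, k_inner, k_outer) == c for p, c in rest):
                hits.append((k_inner, k_outer))
    return hits

def demo():
    k_inner, k_outer = 0x2A7, 0x19C           # constructed secret keys
    plaintexts = [0x1234, 0xBEEF, 0x0F0F]     # constructed known plaintexts
    pairs = [(p, double_encrypt(p, k_inner, k_outer)) for p in plaintexts]
    return (k_inner, k_outer), pairs, recover_keys(pairs)

if __name__ == "__main__":
    secret, _, found = demo()
    print("secret:", secret, "recovered candidates:", found)
```

The time saving is paid for with the lookup table, which is the memory requirement the post refers to; scaled to DES that table has 2^56 entries.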
They also can't tell which of the four combinations DD, DE, ED, or EE were
used.
> In article <jgfunj-1709...@dial-243-155.itexas.net>,
> wtshaw <jgf...@vgrknf.arg> wrote:
>
> > In article <8q1tfb$bj1$1...@merope.saaf.se>, pau...@saafNOSPAM.se (Paul
> > Schlyter) wrote:
> >
> >> In article <jgfunj-1609...@dial-245-138.itexas.net>,
> >> wtshaw <jgf...@vgrknf.arg> wrote:
> >>
> >>> When a person uses 3-DES, they are single encrypting with 3-DES.
> >>
> >> FYI: 3-DES consists of three rounds of DES, using two or three
> >> different keys.
> >
> > That is the definition of a newer algorithm than just plain DES. It
> > is not DES.
>
> Well, if you consider any combination of crypto algorithm as "one
> single, newer, algorithm", then there is of course no such thing
> as "double encryption" or "triple encryption": you've just defined
> it as non-existent....
The opposing view point would be to consider DES as hexadectuple
encryption. Or worse.
Runu Knips wrote:
>
> Of course, this attack requires masses of memory, which are
> not available today, but this theoretical weakness is enough
> that people prefer to use 3DES, instead of 2DES.
But that does not say that analysing 2-DES is exactly
as simple and as difficult as DES! That was the point.
M. K. Shen
Who could possibly ask for more security than that???
Hope nobody is taking you guys seriously ;-)
Oh, *real* clever, Arturo. Did you think that nobody would notice
you double encrypting your post using ROT13? Well *I* noticed, and
I double DEcrypted it with ROT13 bnefor replying. So there!
This post looks very much like a troll, but I will answer it anyway...
Fortunately, for people who bother to think, cryptographic methods are
not confirmed or discarded by popular opinion. What matters is
analysis, and under this rubric, your opinion isn't worth very much.
This is especially true since the way you pose your remarks
(i.e. "randoming" the data) indicates that precision of thought and
you have not yet met.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
"bnefor"?
I think there is a bug in your ROT13 implementation.
JM
These things are to be expected from a probabilistic decryption system.
;-)
"Trevor L. Jackson, III" <full...@aspi.net> wrote in message
news:39CA3454...@aspi.net...
> ’Ñ)iæ#ŒŒ–Í¿12NBä!Gò 3,˜ºÖ®ý…žmØ z°²=dW
Looks a lot like a multi unicode character sequence that has been encrypted
with Rot-257.
When you offer gibberish and ask for more, what are you likely to get?