While I am not a mathematician or cryptanalyst, it seems reasonable
that this would merely result in the situation where a third key from
the available binary keyspace would decrypt the data in one pass. Is
this in fact the case?
--
Jim Adams Department of Physiology and Biophysics
ad...@ucunix.san.uc.edu University of Cincinnati College of Medicine
"I like the symbol visually, plus it will confuse people."
... Jim Morrison
I don't believe this question has been answered.
Meanwhile, if the 2nd pass were offset from the first
11111111 11111111 11111111 11111111
22222222 22222222 22222222 22222222
yielding
1111 22222222 22222222 22222222 ....
there would be no third key because DES operates on blocks of 8 bytes
and this output has an initial block of 4 (not to mention information
in the first 8-byte block (2's) from the entire first 16 bytes of
input).
I have no reason to think so. Why would you think it would?
Maybe.
> While I am not a mathematician or cryptanalyst, it seems reasonable
> that this would merely result in the situation where a third key from
> the available binary keyspace would decrypt the data in one pass. Is
> this in fact the case?
To the best of my knowledge, no one who's talking knows the answer.
I seem to recall reading that the general feeling was ``no'', that
there was not necessarily a third key that would be equivalent.
That doesn't mean it's any more secure, of course. Davies and Price
note that some people have advocated encrypting with K1, decrypting
with K2, and encrypting with K3 for high security. I think that IBM
does that for shipping keys around, in fact.
One further point... If you're saying ``more secure'', you have to
ask ``more secure against whom?''. If the enemy is a hacker who has
sabotaged your encryption command, it doesn't matter how many keys
you're using; they can all be recorded. If your enemy is NSA, they
may be able to get through it anyway, and they're probably the only
ones who know for sure if multiple encryptions are really more secure.
And if your enemy is someone else -- well, no one has published any
way to crack DES, so unless you're trying to outwit a major intelligence
agency (NSA, KGB, GCHQ, Mossad (or whoever does that sort of thing
in Israel), etc.) a single encryption with DES is almost certainly
sufficient for now.
>I noted in the man page for fast-des that there is an option to invoke
>miltiple pass encryption with different keys. It was stated that this
>increased the security of the encryption.
See: Coppersmith, D. "Cryptography", IBM Journal of research and
Development, Vol. 31, no. 2, pp. 244-248, March 1987, on
the value of triple-encryption. Also the present issue of
IBM System Journal has an interesting article on masterkeying
DES through use of vectors.
Robert Ames am...@ontmoh.uucp P.O. Box 724, Station 'A'
Toronto, Ontario, Canada
--
Robert Ames am...@ontmoh.uucp P.O. Box 724, Station 'A'
Toronto, Ontario, Canada
Why bother with DES at all?
A possible answer is that you are part of a transaction in
which the other people have accepted DES as their standard,
and they are big enough to tell you that you must use DES
or go fish. Therefore your security is only as good as theirs.
Whatever you can do to improve your security is limited by
their security.
Another answer is that you think DES is the cat's meow. In
which case I suggest you go see a a voodoo priest to get the
bad spirits cast out.
>I might prefer using a weak system for
>enciphering the output of DES which can be
>demonstrated to result in something stronger
>than DES (for example a transposition over 32
>bytes).
Not really strong.
>Tom Scharle
--
William "Alain" Simon al...@elevia.UUCP
I doubt very much you can weaken DES by using multiple encryption.
But I'm no expert, so you have to make your own opinion.
My real comment is on the way to perform multiple encryption with DES.
The idea of using multiple encryption is to increase the key space and
make attacks based on key exhaustion less believable.
There is an official way of doing this: use the EDE
(Encrypt-Decrypt-Encrypt) mode of DES. EDE mode uses 2 keys: k1 and k2.
c = E_k1( D_k2( E_k1( m )))
Why 3 passes if you're only using 2 keys?
Well, to decrypt you:
m = D_k1( E_k2( D_k1( c )))
This way you don't have to reverse the order of keys for decryption.
In hardware, you plug 3 DES chips in a pipeline with the Encrypt/Decrypt
line attached directly to the first and last chip and attached through
a "not" gate to the middle chip. It is a lot easier than shuffling
the keys around. Off course, this mode is very much a **** in the ***
in software ;-(
>--
>Tom Scharle cm65n6@irishmvs(Bitnet)
>Room G003 Computing Center
>University of Notre Dame Notre Dame, IN 46556-0539
--
--
Philippe Hebrais heb...@mirkwood.cam.org
Voix: (514) 731-9146 uunet!philmtl!altitude!mirkwood!phil