Path: cactus.org!cs.utexas.edu!howland.reston.ans.net!agate!news.Brown.EDU! + noc.near.net!news.delphi.com!davesparks From: davesparks@delphi.com (Dave Sparks) Newsgroups: sci.crypt Subject: Re: 2x Isolated Double-DES: Another Weak Date: 20 Feb 1994 03:52:05 GMT Organization: Delphi Internet Services Corporation Lines: 26 Message-ID: <9402192242594.davesparks.DLITE@delphi.com> References: <1994Feb17.081955.5629@cactus.org> NNTP-Posting-Host: bos2a.delphi.com >> This works for the normal double-DES construction because it is >> possible to check for matches between B and C; the weakness seems >> to be the ability to check for a match. How would this be implemented? Wouldn't you have to keep all of your Bs and Cs in active memory, and perform a comparison each time? This could total as many as 2^56 of each, correct? Not only would each have to be kept in memory, but as the search progressed, the number of comparisons would increase each time. I suppose you could keep the list of intermediate B and C values in a sorted array and do a binary search each time, but it still seems quite memory-intensive. By my calculations, 2^60 bytes of storage would be needed. Am I missing some optimization that would make this sort of an attack practical? Assuming that a $1 million optimized machine can break single DES in 3.5 hours, it wouldn't seem logical that double-DES could be broken in 7 hours using two such machines, because of the third machine that would need to be constantly storing and comparing the output of the other two. /--------------+------------------------------------\ | | Internet: davesparks@delphi.com | | Dave Sparks | Fidonet: Dave Sparks @ 1:207/212 | | | Famnet: Dave Sparks @ 77:500/1 | | | BBS: (909) 353-9821 - 14.4K | \--------------+------------------------------------/