From: John Payson

Subject: Re: 2x Isolated Double-DES: Another Weak
Date: 21 Feb 1994 12:31:02 -0600
Organization: /usr/lib/news/organi[sz]ation
Lines: 25

In article <>,
Dave Sparks  wrote:
> >> This works for the normal double-DES construction because it is
> >> possible to check for matches between B and C; the weakness seems
> >> to be the ability to check for a match.
>How would this be implemented?  Wouldn't you have to keep all of your Bs and
>Cs in active memory, and perform a comparison each time?  This could total as
>many as 2^56 of each, correct?  Not only would each have to be kept in
>memory, but as the search progressed, the number of comparisons would
>increase each time.  I suppose you could keep the list of intermediate B and
>C values in a sorted array and do a binary search each time, but it still
>seems quite memory-intensive.  By my calculations, 2^60 bytes of
>storage would be needed.  Am I missing some optimization that would make this
>sort of an attack practical?

Yes.  Given two lists of numbers in which you would like to find duplicates,
all you need to do is SORT the lists of numbers; then the time to do a
matchup is linear in the size of the lists.  While your tape (I can't really
see using any other kind of I/O) would have to be really huge, it would
probably not be impossible.
-------------------------------------------------------------------------------    |  "Je crois que je ne vais jamais voir...  |   J\_/L
 John Payson         |   Un animal si beau qu'un chat."          |  ( o o )