| |||||||||||||
AES securityAES securityPosted Oct 16, 2009 13:02 UTC (Fri) by pharm (guest, #22305)In reply to: AES security by brouhaha Parent article: Ubuntu to store copies of all users' address books
Just using the same encryption algorithm twice with two different keys of size N does not increase
the exhaustive search time from 2^n to 2^2n, thanks to meet-in-the-middle attacks, which reduce the time to 4^n. IOW in return for doubling your key size you've increased the search time by a factor of 2: That doesn't seem a good tradeoff.
Leave designing encryption algorithms to the experts: Personally, I know just enough to know that I
(Log in to post comments)
AES security Posted Oct 16, 2009 19:22 UTC (Fri) by brouhaha (guest, #1698) [Link]
The meet in the middle attack reduces the time from 2^(2n) to 2^(n+1). This is why 3DES (even with 168 bits of keying) only effectively gives 112 bits of security. That's why I didn't propose 4DES, which wouldn't have any improvement in security over 3DES. However, my proposed 6DES would give 168 bits of security, or 8DES sould give 224, etc. 6DES has the advantage that you can use an existing 3DES implementation twice.
However, that's just the time complexity. The meet in the middle attack also requires storage for 2^n blocks, which is obviously not available for n=112, let alone larger values of n.
AES security Posted Oct 16, 2009 20:08 UTC (Fri) by ABCD (subscriber, #53650) [Link]
> Just using the same encryption algorithm twice with two different keys of
> size N does not increase the exhaustive search time from 2^n to 2^2n, > thanks to meet-in-the-middle attacks, which reduce the time to 4^n.
I think there is a mistake somewhere in there, because 2^(2n) = (2^2)^n = 4^n.
AES security Posted Oct 18, 2009 16:08 UTC (Sun) by pharm (guest, #22305) [Link]
Yes, a thinko on my part.
|
|||||||||||||