RE: A New Triple-DES Key Wrap Algorithm
- To: Burt Kaliski <burt@RSA.COM>
- Subject: RE: A New Triple-DES Key Wrap Algorithm
- From: Carl Ellison <cme@ACM.ORG>
- Date: Wed, 03 Feb 1999 21:38:04 -0800
- Cc: djohnson@certicom.com, housley@spyrus.com, "'Bob Jueneman'" <BJUENEMAN@novell.com>, cme@ACM.ORG, berson@anagram.com, mjmarkowitz@attmail.com, bschanni@BayNetworks.com, kent@bbn.com, pcain@bbn.com, mhetzel@bell-labs.com, brickell@certco.com, djohnson@certicom.ca, schneier@counterpane.com, denning@cs.cosc.georgetown.edu, smid@csmes.ncsl.nist.gov, omura@cylink.com, carlisle.adams@entrust.com, paulv@entrust.com, Blake.greenlee@greenlee.com, ietf-smime@imc.org, benaloh@microsoft.com, bfox@microsoft.com, cjwagne@missi.ncsc.mil, jis@mit.edu, Bob Jueneman <BJUENEMAN.PRV-7.PROVO@novell.com>, Tolga Acar <TACAR.PRV-7.PROVO@novell.com>, merkle@parc.xerox.com, BSnow@radium.ncsc.mil, ekr@rtfm.com, jlinn@securitydynamics.com, ams@terisa.com, Ron Rivest <rivest@theory.lcs.mit.edu>, balenson@tis.com, denny@tis.com, acc@tycho.ncsc.mil, jhs@tycho.ncsc.mil, desmedt@uwm.edu, smatyas@vnet.ibm.com
- In-Reply-To: <>
- List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
- List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
- Sender: owner-ietf-smime@imc.org
At 01:48 PM 2/3/99 -0800, Burt Kaliski wrote:
>Don Johnson's proposal of two-pass encryption with triple-DES-CBC is another
>option. It has the advantage of not requiring a separate hash function, and,
>implemented with appropriate settings, resists the birthday attacks on the
>original method.

Burt and Don,

I'm not sure what Don intended, but I was reminded of one of Ron Rivest's
papers (in Cryptologia) -- proposing bidirectional encryption when the
system is easier to break in one direction than the other.

In the case of CBC mode, one could encrypt a long block twice, as Don
suggested, but index the blocks in reverse order the second time. The IV
could be 0 for both passes.

I haven't tried analyzing this mode of operation yet, but it has a pleasant
symmetry.

- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@acm.org http://www.pobox.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+