Cryptography Reference
In-Depth Information
before it hit the right combination. This is not infeasible; my modern laptop can
repeat the non-optimized decrypt routine shown roughly 7,500 times per second.
This means it would take me about 5 trillion seconds, or about 150,000 years
for me to search the entire keyspace. This is a long time, but the brute-forcing
process is infi nitely parallelizable. If I had two computers to dedicate to the
task, I could have the fi rst search keys from 0-2
55
and the second search keys
from 2
55
-2
56
. They would crack the key in about 79,000 years. If, with signifi cant
optimizations, I could increase the decryption time to 75,000 operations per
second (which is feasible), I'd only need about 7,500 years with two computers.
With about 7,500 computers, I'd only need a little less than two years to search
through half the keyspace.
In fact, optimized, parallelized hardware has been shown to be capable of
cracking a DES key by brute force in just a few days. The hardware is not cheap,
but if the value of the data is greater than the cost of the specialized hardware,
alternative encryption should be considered.
The proposed solution to increase the keyspace beyond what can feasibly be
brute-forced is called
triple DES
or
3DES
. 3DES has a 168-bit (56 * 3) key. It's called
triple-DES because it splits the key into three 56-bit keys and repeats the DES
rounds described earlier three times, once with each key. The clearest and most
secure way to generate the three keys that 3DES requires is to just generate 168
bits, split them cleanly into three 56-bit chunks, and use each independently. The
3DES specifi cation actually allows the same 56-bit key to be used three times, or
to use a 112-bit key, split it into two, and reuse one of the two keys for one of the
three rounds. Presumably this is allowed for backward-compatibility reasons
(for example, if you have an existing DES key that you would like to or need to
reuse as is), but you can just assume the simplest case where you have 168 bits
to play with — this is what SSL expects when it uses 3DES as well.
One important wrinkle in the 3DES implementation is that you don't encrypt
three times with the three keys. Instead you encrypt with one key,
decrypt
that
with a different key — remember that decrypting with a mismatched key pro-
duces garbage, but reversible garbage, which is exactly what you want when
doing cryptographic work — and fi nally encrypt that with yet a third key.
Decryption, of course, is the opposite — decrypt with the third key, encrypt
that with the second, and fi nally decrypt that with the fi rst. Notice that you
reverse the order of the keys when decrypting; this is important! The Encrypt/
Decrypt/Encrypt procedure makes cryptanalysis more diffi cult. Note that the
“use the same key three times” option mentioned earlier is essentially useless.
You encrypt with a key, decrypt with the same key, and re-encrypt again with
the same key to produce the exact same results as encrypting one time.
Padding and cipher-block-chaining do not change at all. 3DES works with
eight-byte blocks, and you need to take care with initialization vectors to ensure
that the same eight-byte block encrypted twice with the same key appears dif-
ferent in the output.
Search WWH ::
Custom Search