Security Basics mailing list archives

Re: MITM attack on 3TDES

From: "Saqib Ali" <docbook.xml () gmail com>
Date: Wed, 13 Sep 2006 08:02:29 -0700

Hello Shahin,

I think you are referring to the "Man In The Middle" Attack which is
launched against a Crytographic "Protocol". See:
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

What I was  referring to was "Meet In The Middle" attack, which is
used to attack a Cryptographic "Algorithm" (cipher). See:
http://en.wikipedia.org/wiki/Meet-in-the-middle_attack

3TDES, being a cipher (cyrptographic algorithm), is susceptible to
"Meet In The Middle" attack.

Thanks
--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

On 9/13/06, Shahin Ansari <zohal52 () yahoo com> wrote:

Sure what I mean is MITM usually is trying to crack encrypted IP traffic
right?  So the person knows approximatly where is the header, and other
fields of the IP packet.  That is the "known text" part of the comment.  And
it gives the attacker some leverage.  So the "effective" key refers to
actual computing power that an attacker needs to crack the key not the
cumulative key space of Triple DES.  I am still working on digesting the
whole thing myself and should have a better understanding soon.  But this is
what I have understood so far.  Hope it helps.


Saqib Ali <docbook.xml () gmail com> wrote:

shahin,
can you please elaborate on what you mean by that.

thanks


On 9/12/06, Shahin Ansari wrote:
> I believe shorter effective key lenght is related to fact that all attacks
> are a combination of known text in addition to the effort to crack the
key.
> Therefore the effective key lenght is shorter than the size of key space.
>
> Alexander Klimov wrote: On Wed, 6 Sep 2006, Saqib Ali

> wrote:
>
> > Can anyone explain how the MITM works on 3TDES (three distinct keys)?
> > I am typically interested in finding out why 3TDES has effective
> > key-length of 112-bit
>
> Get a (plain text, cipher text) pair (m,c) encrypted with some unknown
> key (k1,k2,k3):
>
> s = E(k1,m)
> t = E(k2,s)
> c = E(k3,t)
>
> For all possible (k1,k2) pairs (2^112 possibilities) calculate
>
> t' = E(k2,E(k1,m))
>
> For all possible k3 (2^56 possibilities) calculate
>
> t'' = D(k3,c)
>
> Sort the sets of t' and t'' and find (k1,k2) and k3 such that t'=t''
>
> Check each such (k1,k2,k3) with several additional (plain text, cipher
> text) pairs to find the right key.
>
> --
> Regards,
> ASK
>
>
---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec
management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed
degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
>
---------------------------------------------------------------------------
>
>
>
>
> ---------------------------------
> How low will we go? Check out Yahoo! Messenger's low PC-to-Phone call
> rates.
>


--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------




 ________________________________
Do you Yahoo!?
 Next-gen email? Have it all with the all-new Yahoo! Mail.



--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE

The NSA has designated Norwich University a center of Academic Excellencein Information Security. Our program offers unparalleled Infosec managementeducation and the case study affords you unmatched consulting experience.Using interactive e-Learning technology, you can earn this esteemed degree,without disrupting your career or home life.


http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

MITM attack on 3TDES Saqib Ali (Sep 07)
- Re: MITM attack on 3TDES Alexander Klimov (Sep 11)
  - Re: MITM attack on 3TDES Saqib Ali (Sep 12)
  - Message not available
    - Re: MITM attack on 3TDES Saqib Ali (Sep 13)
    - Message not available
    - Re: MITM attack on 3TDES Saqib Ali (Sep 13)