| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Can oracle support encryption on some sensitive field in database?
Allen Kistler doodled thusly:
>This is a slight digression, but ....
>
>3DES uses two 56-bit keys, hence 3DES essentially has a 112-bit key.
>
>M = cleartext
>C = ciphertext
>K1 = first key
>K2 = second key
>
>Start with M
>Encrypt with K1
>Decrypt with K2
>Encrypt with K1
>You get C
>
>Why not use three keys (K1, K2, and K3)?
>Because then it's possible to find two keys (K1' and K2') which give
>you the same result. In fact there are exactly 2^56 sets of such
>keys. So even though you used 168 bits worth of keys, you only got
>112 bits worth of encryption.
>
>So if you only get 112 bits worth of encryption anyway, why do the
>last encryption step?
>Because if you don't, there are about 2^55 sets of (K1' and K2') that
>produce the same result. So even though you used 112 bits worth of
>keys, you only got about 57 bits worth of encryption.
Interesting. All this encrypt/decrypt stuff and 2^nn sets always gives me a headache. I can't grasp why using three keys enables the finding of 2^56 sets of two keys that give the same result. Anywhere this is treated in layman's terms but still made understandable?
Cheers
Nuno Souto
nsouto_at_optushome.com.au.nospam
Received on Tue Nov 20 2001 - 10:07:48 CST
 |
 |