Options

Can anyone easily explain Meet-In-The-Middle Crypto Attack?

JockVSJockJockVSJock Member Posts: 1,118
in SSCP
I've read this thru a few times and have Googled the subject and still not understanding how this attack is done.

I'm reading E Conrad's description and still not able to understand this.
***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown
· Share on FacebookShare on Twitter

Comments

  • Options
    philz1982philz1982 Member Posts: 978
    Ok,

    If you reference page 118 in his book. He talks about this being a double DES Encrypt Encrypt attack. Thinking about it from a chaining perspective helped me. You are performing a known text attack against a single DES 56 bit Key space to deduce the 64 bit key. If you try to deduce the key at the end you effectively have to break a 112 bit encryption. By breaking the first DES key you then know what is being fed into the second key space. Now you can work on breaking the second key. Once you have both keys you can decrypt the message. You could break the 112 bit at the end but it would have a much higher work factor.

    Also using the Triple DES Key EDE will help combat the man in the middle because you are breaking the ability to perform a man in the middle with the decrypt. This means the attacker still has to deal with a 112bit and a 56 bit.

    Hope this helps and pardon the spelling...

    -Phil
    Read my blog @ www.buildingautomationmonthly.com
    Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito
    · Share on FacebookShare on Twitter
  • Options
    JockVSJockJockVSJock Member Posts: 1,118
    philz1982 wrote: »
    Ok,

    If you reference page 118 in his book.

    I have the 2nd Edition, in which pg 118 refers to Chp3, telecommunications and network security domain.

    In 2nd Edition, Meet-In-The-Middle paragraphs are on pg 242.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "Its easier to deceive the masses then to convince the masses that they have been deceived."
    -unknown
    · Share on FacebookShare on Twitter
  • Options
    philz1982philz1982 Member Posts: 978
    Sorry mine is version 1. It's Chapter 4 domain 3. Under attacks. Meet-In-the-Middle attack.

    First sentence is A meet-in-the-middle attack encrypts on one side, decrypts on the other side, andmeets in the middle.

    That should help you look for it if you have the PDF version.
    Read my blog @ www.buildingautomationmonthly.com
    Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito
    · Share on FacebookShare on Twitter
  • Options
    beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    Maybe a bit oversimplified and in a lecture based series but covers everything you need to understand how man-in-the-middle attacks occur in living 4-bit: CSS322, Lecture 08, 30 Nov 2012 - YouTube

    You while oft difficult to find exactly what your looking for is often a really good, if not overlooked, resource.

    - beads
    · Share on FacebookShare on Twitter
Sign In or Register to comment.