312-50V10 · Question #776
What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a sin
The correct answer is B. Meet-in-the-middle attack. The meet-in-the-middle attack demonstrates that Double DES provides negligible security improvement over single DES by exploiting a known plaintext to attack both encryption layers simultaneously.
Question
What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?
Options
- AMan-in-the-middle attack
- BMeet-in-the-middle attack
- CReplay attack
- DTraffic analysis attack
How the community answered
(57 responses)- A18% (10)
- B70% (40)
- C5% (3)
- D7% (4)
Why each option
The meet-in-the-middle attack demonstrates that Double DES provides negligible security improvement over single DES by exploiting a known plaintext to attack both encryption layers simultaneously.
A man-in-the-middle attack intercepts communications between two parties in transit and is a network-layer attack, not a cryptanalytic technique targeting double encryption key spaces.
The meet-in-the-middle attack works by encrypting the known plaintext forward with all possible first keys and decrypting the ciphertext backward with all possible second keys, then finding matches in the middle. This reduces the effective key space from 2^112 to 2^57, making Double DES only marginally stronger than single DES. It is a known-plaintext attack because the attacker must possess a plaintext-ciphertext pair to perform the matching step.
A replay attack involves capturing and retransmitting valid authentication or session data to impersonate a user, and does not involve cryptanalysis of encryption key combinations.
Traffic analysis examines patterns, timing, and volume of network communications to infer information without decrypting content, and does not evaluate the strength of multi-key encryption schemes.
Concept tested: Meet-in-the-middle attack against Double DES
Source: https://csrc.nist.gov/glossary/term/meet_in_the_middle_attack
Topics
Community Discussion
No community discussion yet for this question.