From 2bbaab4a244ca5c8a9ae301039c5b29d546cef28 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Tue, 5 Mar 2002 15:30:13 +0000
Subject: [PATCH] Rephrase statement on the security of two-key 3DES.

  [Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
  Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.

  Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
  known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]
---
 doc/crypto/des_modes.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod
index 36b77c454d..da75e8007d 100644
--- a/doc/crypto/des_modes.pod
+++ b/doc/crypto/des_modes.pod
@@ -204,8 +204,8 @@ just one key.
 =item *
 
 If the first and last key are the same, the key length is 112 bits.
-There are attacks that could reduce the key space to 55 bit's but it
-requires 2^56 blocks of memory.
+There are attacks that could reduce the effective key strength
+to only slightly more than 56 bits, but these require a lot of memory.
 
 =item *
 
-- 
2.25.1