[107511] in Cypherpunks
Re: NIST Credits Deep Crack
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Fri Jan 15 11:59:35 1999
In-Reply-To: <199901151523.KAA28092@smtp1.mindspring.com>
Date: Fri, 15 Jan 1999 11:07:15 -0500
To: John Young <jya@pipeline.com>, cypherpunks@cyberpass.net,
cyptography@shipwright.com
From: Robert Hettinga <rah@shipwright.com>
Reply-To: Robert Hettinga <rah@shipwright.com>
At 10:11 AM -0500 on 1/15/99, John Young quoted NIST
<http://jya.com/nist011599.txt>:
> In light of this most
> recent attack, NIST can no longer support the use of the
> DES for many applications. As with other security tools,
> encryption must balance cost against risk. The recent
> brute force exhaustion attack by a ``cracking machine''
> costing $250,000 took 56 hours to crack a single
> message.
>
> With this special-purpose technology, the average time
> of cracking per message would be twice that, since only
> a quarter of all keys were tested. In some cases this kind
> of attack may not pose an immediate or significant threat
> --for example where short-term protection of perishable
> information is desired. However, advances in technology
> are likely to further reduce the average cracking time.
> Therefore, NIST recommends the following:
>
> --For existing systems, develop a prudent transition strategy
> to move to Triple DES. This strategy should match the
> strength of the protective measures against the associated
> risk. Critical systems should receive priority
>
> --When building new systems, use Triple DES to protect
> sensitive, unclassified data
>
> End quote
In other, terser words, "DES is DED".
:-).
Ain't we having fun, now?...
Cheers,
Robert Hettinga
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
