[1000] in cryptography@c2.net mail archive
RE: DES cracking is making real progress
daemon@ATHENA.MIT.EDU (Peter Trei)
Thu Jun 12 12:23:56 1997
From: "Peter Trei" <trei@process.com>
To: cmcurtin@research.megasoft.com, cryptography@c2.net
Date: Thu, 12 Jun 1997 09:52:21 -6
Reply-to: trei@process.com
CC: trei@process.com
> >>>>> "Pat" == Pat Farrell <pfarrell@netcom.com> writes:
>
> [sorry to resurrect a moldy thread ... I'm a bit behind...]
>
> Pat> Of course for the interesting protocols, cracking DES gives you
> Pat> one session key, which is often only one message. That may have
> Pat> some value, but you get to start all over with the next session.
[...]
>
> The fact that a bunch of people running a client program that uses
> their machines' idle cycles can find one key in a space of 2^56 tells
> me that DES isn't of much use for anything that has much value, or
> needs to remain a secret for much more than a few minutes. Perhaps
> I'm being overly paranoid.
This is the whole point - to discredit single DES, and make it's use
unacceptable to corporate executives.
Once a single DES key is found, a decision to design a product around
single DES, or to purchase a single DES product, starts to look like
career suicide for the decision maker.
I started this whole thing off soon after the USG dangled exports of
single DES as a carrot to tempt US SW developers to espionage-enable
(ie, include GAK) in their future products. The goal of the DES
challenge is to make that carrot as unappetizing as possible.
Peter Trei
trei@process.com
Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei@process.com
