[999] in cryptography@c2.net mail archive


RE: DES cracking is making real progress

daemon@ATHENA.MIT.EDU (C Matthew Curtin)
Thu Jun 12 09:24:27 1997

Date: Thu, 12 Jun 1997 00:32:30 -0400 (EDT)
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
To: Pat Farrell <pfarrell@netcom.com>
Cc: nelson@media.mit.edu (Nelson Minar), Andy Brown <a.brown@nexor.co.uk>,
        "cryptography@c2.net" <cryptography@c2.net>
In-Reply-To: <199705202221.PAA23328@netcom13.netcom.com>
Reply-To: cmcurtin@research.megasoft.com

>>>>> "Pat" == Pat Farrell <pfarrell@netcom.com> writes:

[sorry to resurrect a moldy thread ... I'm a bit behind...]

Pat> Of course for the interesting protocols, cracking DES gives you
Pat> one session key, which is often only one message.  That may have
Pat> some value, but you get to start all over with the next session.

This is true.  However, it's important to note that the way we're
going about cracking keys is about one of the worst ways to do it,
from the perspective of raw efficiency.

The effort is not costing anyone any real money, though it is costing
some folks a bit of time.  A little over a half dozen of us are
putting in a significant amount of time.

If we wanted to make a business of cracking keys^H^H^H^H^H^H^H^H^H^H^H^H 
key recovery, it wouldn't be a big deal for us to get some FPGA
equipment wired for DES and reduce our average search time to hours or
minutes.

The real issue, like with all cryptographic applications, is (1) what's
the value of the data being protected, and (2) how long does it need
to remain a secret?

The fact that a bunch of people running a client program that uses
their machines' idle cycles can find one key in a space of 2^56 tells
me that DES isn't of much use for anything that has much value, or
needs to remain a secret for much more than a few minutes.  Perhaps
I'm being overly paranoid.

Pat> The American and UK bankers that I've talked to are quite
Pat> comfortable with DES today. I don't know if breaking one key will
Pat> change that.

I haven't spoken to many, though I have spoken to a few.
Specifically, I was trying to find out just how widely the financial
industry relies on DES, and put some information together for a
deschall press release.  There are some who work in the financial
industry who are very aware of the shortcomings of DES and gave me
strong words of support for raising the awareness of the need for
longer keys.

Based on the press that we've gotten so far, and discussions with a
fair number of other reporters, I get the feeling that our press will
remain light in the mainstream throughout the project's duration.  But
once we've found the key, I expect this to be everywhere.  We might
get people to start demanding non-crippled crypto yet.

--
Matt Curtin  Chief Scientist Megasoft Online  cmcurtin@research.megasoft.com
http://www.research.megasoft.com/people/cmcurtin/    I speak only for myself
Pull AGIS.NET's plug!   Crack DES NOW! http://www.frii.com/~rcv/deschall.htm

