[1594] in Kerberos
Re: DES security
daemon@ATHENA.MIT.EDU (smb@ulysses.att.com)
Fri Oct 4 21:43:13 1991
From: smb@ulysses.att.com
To: sjogren@TGV.COM (Sam Sjogren)
Cc: kerberos@Athena.MIT.EDU
Date: Fri, 04 Oct 91 21:21:30 EDT

> I wonder if anyone on this list has concrete information on a
> rumour that I'd heard from a friend of a friend of a friend...
> Since I don't want to spread rumours, PLEASE don't assume that
> what I am about to ask is true unless someone knows for sure,
> since I don't. I'd heard that someone has found a non-exhaustive
> way to break DES. Please follow up if you know for sure about
> this. Otherwise, assume this to be just a rumour without substance.
> Thanx in advance.
>
> -Sam

Here's what I know -- all fact, no rumor. The New York Times carried
an article saying that Shamir and Biham have a chosen-plaintext attack
that's considerably more efficient than brute force. Shamir says
that that's correct, but won't release any details until the paper
is published. From what the article said, it appears to be a variant
on their differential cryptanalysis. There was no hint of just how
much better than brute force the attack is. And note that it is
chosen plaintext.
--Steve Bellovin