Randall Farmer wrote:
> Been thinking, most applications for ciphers assume solely based on cipher x's keysize that data will be secure for a certain length of time. ... My idea ... is averaging the remaining lifetimes in analysis-hours of broken ciphers which survived as many person-hours of attack as the one in question.
Doesn't seem terribly likely. Typically ciphers will look strong until someone discovers a chink. The chink will sometimes lead to a serious break, but not always, and not always quickly -- but at that point the cipher looks weak. Your best chance at encrypting stuff that needs a long shelf life is with a cipher that's had a lot of analysis and plenty of intrinsic key, like 3DES.
> Am I just going crazy, or is it kind of obvious that NSA knew the s-boxes they provided for DES weren't secure?
The former. The S-boxes they replaced were bogus, and the ones they came up with were good against differential cryptanalysis -- better than random ones. There's no a priori reason to believe they knew about linear cryptanalysis, and in any case Matsui's l.c. attack on DES is better than brute force only in situations where you have a great deal of known or chosen plaintext. So how come you claim they aren't secure? DES isn't suitable for long-archived info, but is still OK for short-lifetime data against a not-too-motivated attacker: its only known weakness for this application is its key-length, not its S-boxes.
> Anyhow, these two (or three) values are XORed together to form the key used to encrypt the volume. When your adversaries, armed with their trusty rubber hoses, come knocking at and/or down your door, you hit a hotkey to start destroying those 24 bytes on disk, which can be done faster and more effectively than a wipe of every sector in the volume. The folks with the
I like it!

Jim Gillogly
Trewesday, 8 Solmath S.R. 1998, 00:27
12.19.4.15.17, 8 Caban 15 Muan, Second Lord of Night
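The key-assembly and quick-destruction scheme quoted above, worked through as an added example that is not code from the thread: it assumes a 24-byte (3DES-sized) key split into three XOR components held in small files, and the file and function names are my own.

```python
import os
import secrets
import tempfile

KEY_LEN = 24  # assumption: a 3DES-sized key, matching the "24 bytes" in the post

def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("all parts must have the same length")
    acc = 0
    for p in parts:
        acc ^= int.from_bytes(p, "big")
    return acc.to_bytes(len(parts[0]), "big")

def split_key(key: bytes, n_parts: int = 3) -> list:
    """n_parts-1 random components plus one chosen so they all XOR back to key."""
    comps = [secrets.token_bytes(len(key)) for _ in range(n_parts - 1)]
    comps.append(xor_bytes(key, *comps))
    return comps

def combine(comps: list) -> bytes:
    """Rebuild the volume key from every component; one missing leaves nothing."""
    return xor_bytes(*comps)

def explaining_component(remaining: list, candidate: bytes) -> bytes:
    # Every candidate key is consistent with the surviving components, which is
    # why destroying a single component is as good as destroying the whole key.
    return xor_bytes(candidate, *remaining)

def destroy_component(path: str) -> None:
    """Overwrite the component file with random bytes, sync, then unlink.
    Assumes an in-place filesystem (no copy-on-write or data journaling)."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(secrets.token_bytes(size))
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)

def demo() -> tuple:
    """Write three components, rebuild the key, destroy one; return (rebuilt_ok, gone)."""
    key = secrets.token_bytes(KEY_LEN)
    paths = [os.path.join(tempfile.mkdtemp(), f"comp{i}") for i in range(3)]
    for p, c in zip(paths, split_key(key)):
        with open(p, "wb") as f:
            f.write(c)
    rebuilt = combine([open(p, "rb").read() for p in paths])
    destroy_component(paths[0])
    return rebuilt == key, not os.path.exists(paths[0])
```

The overwrite-then-unlink step only helps on media that actually rewrite the same blocks; on flash or a journaling filesystem the old component bytes may survive elsewhere.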