Michael Froomkin writes:
Recognizing that DES is not the best thing out there, but that it is better than RC40 and life is a series of cost/benefit tradeoffs and that
Thats RC4, and it isn't neccessarily better than RC4, especially if the RC4 key length is reasonable. No one really knows the strength of RC4.
1) Suppose you are approached by a corporate client who believes that they can get export permission for DES (but nothing stronger, i.e. no 3DES). What kind of real-world, non-banking, applications is DES just too weak for today?
I'd guess that anyone who consideres their messages to be worth more than a few hundred bucks a pop has cause to worry, because thats the upper limit on the cost of cracking DES keys these days.
2) How long before DES becomes generally unsuitable for (A) corporate (B) personal use [please keep the threat model on which this question is based in mind -- threats *other than* the US government wiretapping you]?
I'd say it is unsuitable for anything approaching a valued corporate secret today. Personal use? Well, the threat model there is all important. Certainly your cousin can't crack DES keys -- yet.
3) Do you have a view as to whether DES (A) will and (B) should be recertified next time the issue arises?
DES should not be recertified. I have no opinions on what the government will do. Perry