Dan wrote: |Not having my copy of The Differential Cryptanalysis of the Data |Encryption Standard handy, I'd like to know about the distributability |of this type of DES attack. Done right, we could significantly reduce |the time complexity. | The main problem, of course, would be coordinating such an effort. I |seem to recall this attack requiring lots of known plaintexts. Time |to review the text, I suppose.... | Does the Federal Reserve still use single-key DES? The forms of differential cryptanalysis that I'm aware of require The cracker to adaptively atack the encrypting or decrypting device. I therefore do not believe that they are especially applicable to financial transactions schemes, most of which change keys quite frequently. JWS