At 10:54 AM -0700 6/24/97, Adam Back wrote:
Re comments that I should re-read the paper, here is what Wiener's paper says about estimated costs of a specialized DES key breaker:
$100,000 for a machine to break DES in an average of 35 hrs $1 mil for a machine to break DES in an average of 3.5 hrs $10 mil for a machine to break DES in an average of 21 mins ... 35 hours sounds a reasonable amount of time to break a Swift banking transfer key protecting trillions of dollars of funds.
Show me the money! A DES break that resulted in a loss of several tens of millions of dollars, suitably publicized, would be both educational and rewarding. We often talk about the "threat model." But what's the _profit model_ for breaking DES? Can money be made by breaking a SWIFT transfer in approx. 35 hours? (Personally, I doubt it. Between increasing use of 3DES and "time windows" which are probably much shorter than tens of hours, I doubt a Wiener machine would be of much use to a hacker.) Of course, the payoffs could be huge. If the banking system is really vulnerable to this sort of attack, then why has some private group not financed the building of a Wiener machine? (I know many people who could pay for such a machine out of "spare cash," if the profits/risks were there; I'm not saying *I* would, of course, only that the amounts are not so high. The cheapest of the listed machines above is comparable in price to a Jaguar XK8.) Is anyone publishing on this? Are the details of the SWIFT and similar interbank transfer systems available anywhere? (What kind of out-of-band checksums may exist? What kind of callback systems? What window of opportunity exists if a single DES key is found? Is it useful?) --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."