Adam Shostack <adam@homeport.org> writes:
This did not happen when cypherpunk Hal Finney posted a message and challenge; everyone saw that resources were assembled, and the key was cracked.
I think an effort to crack DES differs somewhat from factoring RSA moduli or breaking 40 bit SSL in that tempting test data is not everywhere for the taking. It may therefore be somewhat more difficult for the typical reader to abstract a "what this means for my data" scenario from the results of such an effort, and we should expect at least a small amount of FUD from the American Banking Association, which will recoil in horror at any suggestion that what they are currently doing is not secure. If we were preparing to attack something with a very visible common application, like Unix Crypt(3), I would agree with you that everyone would understand and see what was happening, just as people were easily able to understand the notion of capturing data during an SSL handshake, and pounding on it with large numbers of CPU cycles.
What I see as more likely than 'did/did not' is the Netscape-style assertion that the computer time used cost N million dollars (Ok, NS claimed the compute cycles were worth $10,000.)
Netscape's attempts at damage control were sorely limited by the fact that the data used for the crack was captured during the normal operation of their software. Had Hal done some sort of known plaintext attack on 40 bit RC4 outside the context of a specific widely-used application, it is possible that a lot of time would have been wasted countering the inevitable "this doesn't apply to us" arguments from various software vendors, with the general public understanding none of the terminology used in the debate. This would definitely have softened the media impact of the accomplishment.
As such, the analysis needs to be presented in light of the fact that 3des would take 3 times as long to encrypt, and take 2**56 times as many dollars worth of compute power to decrypt. To put that to scale, if the computer power to break des is one cent, the federal debt (5 trillion) wouldn't get you close to breaking 3des.
Correct. But breaking a real-life example of single DES would be a nice rejoinder to those who continue to insist, in the face of strong grumbling by the cryptographic community, that single DES is a cipher with many more years of useful life left in it. If this speeds the adoption of second generation ciphers by major players in the national infrastructure, then it will have been a useful exercise. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $