On Thu, 09 Sep 93 16:14:56 -0700,
Be the first on your block!
No kidding. I just ftp'd the des_key_search.ps file from ftp.eff.org and browsed through the first few pages (hats off to Michael for a fine piece of work). This is indeed an important milestone and will have an impact on the cryptographic implementations used by banks, etc. in the very near future. It should be interesting to see what the future holds ....
The paper was written as a warning to DES users (bankers) and their customers (depositors). DES is used to protect electronic money transfers among banks all over the world. Several billion dollars per day are moved in this way. Within a day of finishing the machine, a criminal could easily pay back the $1.5M in capital. In the second day, they'd have the capital required to build a second machine, and in the third day a positive cash flow would begin. Banks can do nothing to stop this -- if they shut down their comm links, they go out of business; if they keep moving money over them, intruders suck money out at will. I recommend not keeping your money in banks...
...and in another communique -
Oho! I now suspect why RC2 and RC4 must remain trade-secret...NSA doesn't want people to know what particular internal algorithm features their brute-force chips are capable of handling! I recall the discussion of how RC2/4 were invented; NSA told the designer (since identified as Ron Rivest): "No, this is too big; weaken this over here; do fewer rounds here; etc..." What resulted was suitable for NSA brute-force using chips they had readily available. It's possible that simple changes to the algorithm would render it much less penetrable by NSA's current hardware. Ron even knows *which* changes, and I encourage him to tell us.
That would be an interesting revelation, wouldn't it? ,-) _____________________________________________________________________________ Paul Ferguson Mindbank Consulting Group fergp@sytex.com Fairfax, Virginia USA ferguson@icp.net