
At 09:27 PM 10/16/00 -0700, Tim May wrote:
> At 8:50 PM -0700 10/16/00, Nathan Saper wrote:
> [snip]
>
> Recall that your precise words were:
>
> "IMHO, the NSA has enough expertise and technology to crack just about any cipher out there."
>
> This is a claim about _ciphers_, a claim often made by the clueless. ("Any cipher can be broken...," "The NSA has more than enough computer power...," are the most common variants.)

And yet ciphers are a significant target of the NSA. Sure, they devote significant resources to exploiting weaknesses in key management, but ciphers are a primary target. Many people who discuss the capabilities of the NSA do not use proper methodology in extrapolating their technical capabilities.

General purpose computers and supercomputers are not well suited to attacking ciphers - custom silicon is the best means. Extrapolate capabilities from the EFF DES crack project and you are somewhat closer (1536 ASICs with 24 cores/ASIC yielded 4.52 days/crack of a 56-bit keyspace), then take into consideration the advantages of using more sophisticated semiconductor processes (ECL 15 years ago, GaAs on sapphire today) and the higher clock rates that go with that (40 MHz to well > 1 GHz), and rerun your numbers. Instead of a small cabinet, fill floors of buildings with these machines, and you have realtime cracking farms.

It should be noted that increasing the keyspace isn't a magic protection implying the heat entropy of the universe prevents a crack - the NSA has been playing with Feistel networks since before most cryptographers even knew about DA, not to mention the possibilities of many other unknown weaknesses in Feistel networks being known to the NSA.

As for my own comments, I wrote layout and design tools used on these NSA custom chips in the mid-80s, certified for use with the "NSA Standard Cell Library" by their chip designers (they were just one of the customers of the CAD/CAM/CAE software I worked on back then...). I don't think it's unreasonable to extrapolate that a sufficiently high priority message can be cracked by the NSA in near realtime, regardless of the cipher strength used, without significant knowledge of the nature of the plaintext. I'd imagine most attacks focus on key management, but anyone serious about the game will have obscene numbers of gates chewing on ciphertext.

Kerry L. Bonin (speaking for self, insert lawyer joke here...)
Sr. Engineer, Security/Cryptography, Cisco Systems.
VScape lead architect - Adaptive secure clustering for multiuser VR.
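The post invites the reader to rerun the EFF DES Cracker numbers at higher clock rates and larger chip counts. The script below, added here as an illustration and not part of the original thread, does that arithmetic: it derives a per-core key-test rate from the figures quoted in the post (1536 ASICs, 24 cores each, 4.52 days for the 56-bit keyspace, 40 MHz) and scales it linearly to an assumed farm; the 1 GHz clock, the 100,000-chip farm and the extra key sizes are constructed scenario inputs, not figures from the post.

```python
"""Brute-force key-search extrapolation from the EFF DES Cracker figures quoted in the post.

Baseline (from the post): 1536 ASICs x 24 search cores per ASIC exhausted the
56-bit DES keyspace in 4.52 days, with the chips clocked at 40 MHz.
The 1 GHz clock and the 100,000-chip farm used below are constructed scenario inputs.
"""
SECONDS_PER_DAY = 86_400
EFF_ASICS = 1536
EFF_CORES_PER_ASIC = 24
EFF_DAYS_FULL_KEYSPACE = 4.52
EFF_CLOCK_HZ = 40e6
DES_KEY_BITS = 56


def keys_per_second_per_core(clock_hz: float = EFF_CLOCK_HZ) -> float:
    """Key-test rate of one search core, scaled linearly with clock rate
    from the EFF baseline (the extrapolation the post suggests)."""
    baseline_rate = 2 ** DES_KEY_BITS / (EFF_DAYS_FULL_KEYSPACE * SECONDS_PER_DAY)
    per_core = baseline_rate / (EFF_ASICS * EFF_CORES_PER_ASIC)
    return per_core * (clock_hz / EFF_CLOCK_HZ)


def seconds_to_exhaust(key_bits: int, asics: int, cores_per_asic: int,
                       clock_hz: float = EFF_CLOCK_HZ) -> float:
    """Worst-case time to try every key of a key_bits-bit cipher on a farm of
    asics x cores_per_asic search cores (the expected time is half of this)."""
    farm_rate = keys_per_second_per_core(clock_hz) * asics * cores_per_asic
    return (2 ** key_bits) / farm_rate


def human_time(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    year = 365.25 * SECONDS_PER_DAY
    for unit, size in (("years", year), ("days", SECONDS_PER_DAY),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.3g} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # Constructed scenario: 100,000 ASICs at 1 GHz, 24 cores each.
    for bits in (56, 64, 80, 128):
        t = seconds_to_exhaust(bits, asics=100_000, cores_per_asic=24, clock_hz=1e9)
        print(f"{bits:3d}-bit keyspace: {human_time(t)}")
```

The same linear scaling that puts a 56-bit keyspace within minutes on the assumed farm leaves a 128-bit keyspace at well over 10^15 years, which is the brute-force side of the question only; the post's separate point about unknown structural weaknesses in a cipher is not something this arithmetic addresses.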