peter honeyman says:
still around about why it was changed from 64 bit to 56 bit, you mean 112 -> 56. this has been resolved -- it seems that longer keys don't impose any additional complexity on des attacks. although these attacks were discovered by the open crypto community only a few years ago, nsa had these techniques in hand long before. the bottom line is that additional key bits would not make des more secure. double des or triple des do.
Well, first - I believe DES was designed with 64 bit keys in mind, and then due to some technical (unspecified :-) reasons he key was shortened to 56 bits (and 56-bit version was submitted to NBS). While longer key indeed offers little protection against attacks like differential cryptanalysis - it's hard to argue that it can blow brute-force attack out of the water... And I'd be somewhat more concerned about an adversary cracking my DES-encrypted mail via brute force, than tapping my channel and collecting 2^45 of plaintext-ciphertext pairs to deduce my DES [randomly selected] key (:-). N'est pas?
it has long been believed that a dedicated des-cracker is within the budget of extremely well financed organizations.
Well, of course a government (any government :-) could build such a thing... After all, don't they get all those tax money? (:-) -- Regards, Uri uri@watson.ibm.com scifi!angmar!uri N2RIU ----------- <Disclamer>