DES is Dead

9 Sep 1993


      Forwarded message:
...
Date: Thu, 09 Sep 1993 10:23:00 +0000
From: "Michael (M.J.) Wiener" 
Subject: re:fw:DES is Dead
To: prz@acm.org
Philip,
I'm pleased that my paper is getting some attention.  However, there
were a few things in your note below that concerned me.
The first is minor.  My last name is spelt "Wiener" - I've always been
a little touchy about that.
The second is that not only have we not built this machine, but we
have no intention of doing so.  To say that the chip is ready for
fabrication may mislead people about our intentions.  This is
strictly a detailed paper design.
Finally, I don't think that DES is dead.  After about 15 years of
public scrutiny, we can conclude that DES is a well designed cipher
with a well understood limitation (56-bit keys).  A natural
replacement for it is triple-DES.  Proclaiming the death of DES
may lead to its being replaced with an entirely new cryptosystem
(e.g. Skipjack).
I'd appreciate it if you would send a clarification (particularly on
the second point) to the audience that received the message below.
Thanks,
Mike Wiener
...
From: Philip Zimmermann 
Subject: Re: DES Key Search Paper (fwd)
Michael Weiner presented a paper at Crypto93 that describes a fast DES
key search engine that uses a special inside-out DES chip that he designed.
This chip takes a single plaintext/ciphertext pair and quickly tries 
DES keys until it finds one that produces the given ciphertext from the
given plaintext.  Weiner can get these chips made for $10.50 each in quantity,
and can build a special machine with 57000 of these chips for $1 million.
This machine can exhaust the DES key space in 7 hours, finding a key
in 3.5 hours on the average.  He works for Bell Northern Research in 
Ottawa, and says they have not actually built this machine, but he has
the chip fully designed and ready for fabrication.
This is a stunning breakthrough in the realization of practical DES
cracking.  BTW-- note that PEM uses straight 56-bit DES.
$1 million     - 3.5 hours
$10 miliion    - 21 minutes
$100 million   - 2 minutes
It is not plausible to me that NSA's budget for examining DES-encrypted
traffic is less than $100 million.  Two minutes.  DES is dead, dead, dead.
-prz