From: gnu@toad.com (John Gilmore)
Message-Id: <9309100913.AA23487@toad.com>
Subject: Re: Crack DES in 3.5 hours for only $1,500,000!
Date: Fri, 10 Sep 93 02:13:32 -0700

It feels like you're jumping to conclusions, John.

At 40 bits of key, I don't care how strong an algorithm is. I can have my network of SPARCstations try all keys. NSA chip technology doesn't enter into that analysis.

Meanwhile, on the death of DES -- what we know is that there's a known plaintext attack, given the right hardware. What I've recently heard called a pre-whitening (XOR with PRNG before the DES) wipes out the known plaintext. The PRNG doesn't need to be that strong. It's protected by DES and vice versa -- Chinese-puzzle style.

Of course, my personal favorite DES variant remains:

    compress|des|tran|des|tran|des

but if you're really paranoid, you could change it to:

    compress|xor|tran|des|tran|des|tran|des

since xor and tran are so cheap.

[des in any mode you prefer -- e.g., cbc or cfb -- IVs kept secret, of course.]

[For those not reading sci.crypt, tran is an (up to) 8KB transposition with PRNG keyed from the histogram of the first block of bytes -- code posted to sci.crypt, mailed by me or avbl by ftp from scss3.cl.msu.edu.]

- Carl
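
The pre-whitening effect described in the message, as an added example that is not part of the original post: a constructed toy Feistel cipher with a 16-bit key stands in for DES (used block by block, no chaining), and Python's `random.Random` stands in for the unnamed PRNG; every name, key, seed and plaintext value is an assumption. It shows only that the per-key known-plaintext test loses its known input once the plaintext is XORed with a secret stream, and makes no claim about the strength of the combined construction.

```python
import random

MASK16 = 0xFFFF

def toy_encrypt(block, key):
    """Constructed 32-bit Feistel cipher with a 16-bit key; a stand-in for DES."""
    left, right = block >> 16, block & MASK16
    for rnd in range(4):
        subkey = (key + rnd * 0x3C6F) & MASK16
        mixed = (right * 0x9E37 + subkey) & MASK16
        left, right = right, left ^ mixed ^ (mixed >> 7)
    return (left << 16) | right

def prewhiten(blocks, seed):
    """XOR each plaintext block with PRNG output before it reaches the cipher."""
    prng = random.Random(seed)  # stand-in PRNG; the message does not name one
    return [b ^ prng.getrandbits(32) for b in blocks]

def encrypt(blocks, key, seed=None):
    """Encrypt block by block; pre-whiten first when a PRNG seed is given."""
    if seed is not None:
        blocks = prewhiten(blocks, seed)
    return [toy_encrypt(b, key) for b in blocks]

def key_search(known_plain, cipher):
    """Exhaustive known-plaintext search: keep keys with E_k(P) == C on every block."""
    return [k for k in range(1 << 16)
            if all(toy_encrypt(p, k) == c for p, c in zip(known_plain, cipher))]

PLAIN = [0x46726F6D, 0x3A20676E]  # constructed sample: ASCII "From", ": gn"
KEY, SEED = 0xBEEF, 1993          # constructed secrets

def demo():
    """Run the same key search against plain and pre-whitened ciphertext."""
    plain_hits = key_search(PLAIN, encrypt(PLAIN, KEY))
    white_hits = key_search(PLAIN, encrypt(PLAIN, KEY, SEED))
    return plain_hits, white_hits

if __name__ == "__main__":
    plain_hits, white_hits = demo()
    print("search on plain DES-style ciphertext finds key:", KEY in plain_hits)
    print("search on pre-whitened ciphertext finds key:  ", KEY in white_hits)
```

The true key fails the test in the whitened case because the cipher is a permutation: its input is no longer the known plaintext, so the output cannot match.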