Given that we might embark upon this public demonstration of the fragility of single DES, what should we use for test data? If a lone Cypherpunk simply encrypts a file with DES-ECB, hides the key in a drawer, and publishes the cyphertext and plaintext for use in a distributed cracking effort, there will of course be the suggestion that the exercise was rigged, and any public policy implications will be lost in the endless "Was So/Was Not" quibbling which will undoubtedly take place after the crack is complete. Given that most of the people currently singing the praises of single DES live in the banking industry, which has so far resisted all reasonable suggestions that it is time for them to move to something stronger, it would seem almost obvious that this crack should be done on some form of live financial data, such as might be obtained if one were to capture bits passing over publicly accessible phone lines between various financial institutions, ATM machines, and centralized computer facilities. The ideal data would be replete with prepended fixed headers which could be used as a wedge for a known plaintext attack, and should be sufficiently sensitive that breaking it will result in scandalous tabloid headlines and numerous opportunities for Cypherpunks to promote their policy agenda in the media. DES is, after all, a prime example of the type of encryption one gets when the government, rather than the brightest minds in the private sector, are in charge of determining National Crypto Policy and mandating the use of "approved" techniques. I would suggest we obtain the test data for this exercise as soon as possible, and widely disseminate it on the Net. There is no need to wait until we have distributed cracking software ready to go before doing this, and having the actual data to play with while munging the code together may lead to some new insights as to efficient ways to attack the problem. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $