Two brief questions about DES, if I may. I have heard of a couple of rumours that DES is considered to be fairly weak. Specifically, the rumors mentioned that there were some questions about the design of the S-boxes and the possibility that there was a trap door which would permit the NSA or other gov't agency to quickly obtain the cleartext. Another rumour was that the French & Israeli intelligence agencies downgraded the classification of DES to one of the lowest strengths of encryption algorithms. I have been wondering about these issues off & on for a while & have tried to do some research on them, but have come up with nothing which would amount to more than hearsay. It's tough to tell if the rumours stem from urban legends or are based on fact. If it isn't too much trouble, I'd appreciate an expert opinion of the two rumours mentioned above. Assuming the rumours of the weakness of DES are true, which symmetric encryption algorithms would you recommend which are substantially more secure than DES (and which are obtainable from Internet or commercial sources)? (It doesn't haver to be exportable). Thanks in advance for your help. Best Regards, Frank <standard disclaimer> The opinions expressed above are of the author and may not necessarily be representative of Fortified Networks Inc. Fortified Networks Inc. - Management & Information Security Consulting Phone: (317) 573-0800 - http://www.fortified.com/fortified Home of the Free Internet Firewall Evaluation Checklist
-----BEGIN PGP SIGNED MESSAGE----- On Sun, 18 Feb 1996, Frank Willoughby wrote:
Two brief questions about DES, if I may.
I have heard of a couple of rumours that DES is considered to be fairly weak. Specifically, the rumors mentioned that there were some questions about the design of the S-boxes and the possibility that there was a trap door which would permit the NSA or other gov't agency to quickly obtain the cleartext.
DES has been scrutinized for about 20 years. If there are any trap doors in the code, then they were built in very well. DES is weak because of its short key length, not because of any flaws in its design. AFAIK, there is no efficient way to crack 3des (encrypt, decrypt, encrypt). 3des has a 168-bit key, so brute-force is not efficient.
[...]
Assuming the rumours of the weakness of DES are true, which symmetric encryption algorithms would you recommend which are substantially more secure than DES (and which are obtainable from Internet or commercial sources)? (It doesn't haver to be exportable).
IDEA and RC4 (with at least 128 bits) seem to be pretty secure. If you really don't trust DES or 3DES, IDEA is probably currently the best symmetric encryption algorithm. - --Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xf9b22ba5 http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5 -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMSdFYrZc+sv5siulAQFclwP8C2KdGYd8ABRC3pTUV3Lvh6BIvq7Nxqf2 JELlEHqipX47PbBZkLSHqJOTFjcVxalZuXi3f0wthfpQXnTCcuo0msjKEyFuZZSp wxDNysMzLkA5WyXw/XbPOVDgtSSoTNefR6Y3Wz593wkXAtg/GwtL4vjCAQFtKUhb ngdgaIO9z8o= =lEht -----END PGP SIGNATURE-----
Frank Willoughby wrote: | Specifically, the rumors mentioned that there were some questions about the | design of the S-boxes and the possibility that there was a trap door which | would permit the NSA or other gov't agency to quickly obtain the cleartext. This seems not to be true. The design of the S boxes seems to be to foil differential cryptanalysis, where pairs of similar texts are encrypted to find information about the key. | Another rumour was that the French & Israeli intelligence agencies downgraded | the classification of DES to one of the lowest strengths of encryption | algorithms. I wouldn't be suprised; major intelligence agencies are likely to have DES cracking custom hardware. | I have been wondering about these issues off & on for a while & have tried to | do some research on them, but have come up with nothing which would amount to See Schneier's Applied Cryptography, 2nd ed. | Assuming the rumours of the weakness of DES are true, which symmetric | encryption algorithms would you recommend which are substantially more | secure than DES (and which are obtainable from Internet or commercial | sources)? (It doesn't haver to be exportable). I'd use IDEA or 3DES. Again, see Schneier. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Adam Shostack <adam@homeport.org> writes:
| Assuming the rumours of the weakness of DES are true, which symmetric | encryption algorithms would you recommend which are substantially more | secure than DES (and which are obtainable from Internet or commercial | sources)? (It doesn't haver to be exportable).
I'd use IDEA or 3DES. Again, see Schneier.
Or perhaps GOST 28147-89. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Adam Shostack <adam@homeport.org> writes:
I'd use IDEA or 3DES. Again, see Schneier.
Dr. Dimitri Vulis <dlv@bwalk.dm.com> responds:
Or perhaps GOST 28147-89.
Can you recommend some suitable S-Box configurations that might make GOST as secure as we think IDEA or 3DES is? andrew
participants (5)
-
Adam Shostack -
Andrew Loewenstern -
dlv@bwalk.dm.com -
Frank Willoughby -
Mark M.