Recognizing that DES is not the best thing out there, but that it is better than RC40 and life is a series of cost/benefit tradeoffs and that there is a large installed base to interoperate with, I'd like your opinions on the following: 1) Suppose you are approached by a corporate client who believes that they can get export permission for DES (but nothing stronger, i.e. no 3DES). What kind of real-world, non-banking, applications is DES just too weak for today? In answering keep in mind that most US corporate clients are not too worried about the US government reading their email. Some do worry about foreign governments and many worry about competitors. [I've limited this to "non-banking" because banks seem to be gearing up for 3DES.] 2) How long before DES becomes generally unsuitable for (A) corporate (B) personal use [please keep the threat model on which this question is based in mind -- threats *other than* the US government wiretapping you]? 3) Do you have a view as to whether DES (A) will and (B) should be recertified next time the issue arises? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
Michael Froomkin writes:
Recognizing that DES is not the best thing out there, but that it is better than RC40 and life is a series of cost/benefit tradeoffs and that
Thats RC4, and it isn't neccessarily better than RC4, especially if the RC4 key length is reasonable. No one really knows the strength of RC4.
1) Suppose you are approached by a corporate client who believes that they can get export permission for DES (but nothing stronger, i.e. no 3DES). What kind of real-world, non-banking, applications is DES just too weak for today?
I'd guess that anyone who consideres their messages to be worth more than a few hundred bucks a pop has cause to worry, because thats the upper limit on the cost of cracking DES keys these days.
2) How long before DES becomes generally unsuitable for (A) corporate (B) personal use [please keep the threat model on which this question is based in mind -- threats *other than* the US government wiretapping you]?
I'd say it is unsuitable for anything approaching a valued corporate secret today. Personal use? Well, the threat model there is all important. Certainly your cousin can't crack DES keys -- yet.
3) Do you have a view as to whether DES (A) will and (B) should be recertified next time the issue arises?
DES should not be recertified. I have no opinions on what the government will do. Perry
participants (2)
-
Michael Froomkin -
Perry E. Metzger