DES Vulnerable, Why?
It seems the TLAs (in a weak moment) let slip that DES was getting old and creaky and vulnerable. The story is that that is what sent the TLAs off on their search for a new encryption standard. (Unfortunately, they got their mission reversed and decided the need was to *read* plaintext not encrypt it.) My question: if triple-DES is so damn tough to break, what is wrong with DES? Triple-DES is a trivial variation on DES. Is it likely that DES's frailities are not the ones we compute with all those big numbers? Given the public portions of DES's history, what DES weaknesses make sense? -kb, the Kent who is 300+ emails behind due to a biz trip and a damp notebook. -- Kent Borg +1 (617) 776-6899 kentborg@world.std.com kentborg@aol.com Proud to claim 39:30 hours of TV viewing so far in 1994!
Kent Borg writes:
It seems the TLAs (in a weak moment) let slip that DES was getting old and creaky and vulnerable. The story is that that is what sent the TLAs off on their search for a new encryption standard. (Unfortunately, they got their mission reversed and decided the need was to *read* plaintext not encrypt it.)
"Can DES be broken?" is of coarse the hoariest of FAQs, so I won't address it here. Suffice it to say there are literally thousands of posts in the sci.crypt archives about DES weaknesses, DES-busting machine designs, etc. What I want to comment on here is the idea that the TLAs have _recently_ or _inadvertently_ revealed the weakness of DES. Not so. Back in 1986-7 there was a major effort to have DES replaced with a new encryption standard. I don't recall the name for the program, but it had the support of several chip companies (Intel, AMD, etc.) and was, I seem to recall, mentioned prominently in the National Computer Security Act of 1987. The new standard involved hardware security--thus it was not a new algorithm per se (but DES is supposed to be done in hardware, too). Maybe one of you out there remembers the name of this program, and knows more about why is just fizzled out. I don't want to sort through old boxes of magazine clippings to find the articles. The main point is that the chief reason given was that DES was at the end of its life. Actually, most folks are utterly surprised it's lasted as long as it has...Diffie and Hellman's paper in the mid- to late-70s predicted a lifespan of not much more than 10 years. Triple DES has given it a few more years of breathing room. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE-----
Back in 1986-7 there was a major effort to have DES replaced with a new encryption standard. I don't recall the name for the program, but it had the support of several chip companies (Intel, AMD, etc.) and was, I seem to recall, mentioned prominently in the National Computer Security Act of 1987.
I think Tim's thinking of the Commercial Comsec Endorsement Program (CCEP), an effort to get NSA-approved crypto hardware out into the commercial world. For some reason it never really caught on :) - -Paul - -- Paul Robichaux, KD4JZG | "Information is the currency of democracy." perobich@ingr.com | - some old guy named Thomas Jefferson Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLjgEaafb4pLe9tolAQFWkwQAqmH/yf20V6w8gyLW1B18XDA+9ZakEHEt GxUmze9xhjm/NZuPalCvHcj+QEf8OHUpnZD4I9BfGj47fskj1yM20dH7xUuzqLy+ SJJsISvOoM5dd3SxbetblZYHwcG9pnAt9kS73InS2osiPNNiWnt0SoByH9E32+Gg xMXwsylpAaw= =Fa/u -----END PGP SIGNATURE-----
KentBorg@aol.com says:
It seems the TLAs (in a weak moment) let slip that DES was getting old and creaky and vulnerable.
Thats hardly news. Its so utterly obvious even without specialized knowledge one could determine it.
My question: if triple-DES is so damn tough to break, what is wrong with DES? Triple-DES is a trivial variation on DES.
Similarly, finding the factors of the number 15 and of a 1000 bit number are nearly the same operation -- unless you take time into consideration. Please go off and read Schneier on this subject before posting again -- I suspect that his discussion of security and key lengths and multiple encryption is very clear and well written. Perry
participants (4)
-
KentBorg@aol.com -
paul@poboy.b17c.ingr.com -
Perry E. Metzger -
tcmay@netcom.com