Matsui-san Attack
]> A bigger problem is that PEM uses DES rather than IDEA. I just learned
]> of a new attack by Mitsuru Matsui of Mitsubishi that requires 2^43
]> *known* plaintexts, not chosen ones. The note I received says that it
]> ``breaks the scheme in 50 days on 12 HP9735 workstations''. This was
]> presented last week at the Japanese Conference on Cryptography and
]> Information Security.

50 days on 12 HP9735 = 600 days on a single HP9735

The 735 has a pretty fast Mflop rating (compared to Sun, IBM, SGI, PC, and Macs). Using a comparable breaker on the average machine, it is going to take two years to "break the scheme". That leaves two years to create stronger/tighter strategies.
Huh? Two years of breathing space? I don't think so. Networks of many fast workstations (snakes, SPARC-10's, Alphas, whatever) aren't exactly rare; I'm sure I could equal that mflop horsepower here, and I'm double sure I could have done it while at DEC. I frequently ran a home-grown distributed fractal image generator at DEC harnessing 75 workstations, about 20 of them Alphas.

The real question is whether this new attack is bogus.

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally <m5@tivoli.com> |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |
-----BEGIN PGP SIGNED MESSAGE-----

buckley@wti.com writes :

[continuing thread on ease of cracking DES/PEM]

Using a comparable breaker on the average machine, it is going to take two years to "break the scheme".
That leaves two years to create stronger/tighter strategies.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Concerns about the validity of the 'two years' figure aside, does this really 'leave you two years?' The technology to store messages (even ones currently uncrackable) has been online for years already - unless your encrypted data is such that you don't mind having it examined by anybody with a DES cracker, you are already at risk. In terms of careers, legal action, and politics, a two-year event horizon is negligible. As advances in computer power continue, the 'two-year' figure will continue to shrink.

Taking the long view, I view the PEM/DES debate as virtually identical to the Clipper debate; Clipper's 'trap door' mindset is more overt, but getting everybody involved in PEM/DES when the cracking technology is clearly in sight is no better.

- --
........................................................................
Philippe D. Nave, Jr. | The person who does not use message encryption
pdn@dwroll.dw.att.com | will soon be at the mercy of those who DO...
Denver, Colorado USA | PGP public key: by arrangement.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLU6UHwvlW1K2YdE1AQGG4gQAqM+LthMCzEo3T2O+fLhKih8uNYUoHhvK
6zvDWjW2PW/t/N7TdWpA2oJ2dVmpABa3ENeNvju0qrEW91CVoU5JwBMHiCxSTrOn
wtK4fcQ7m+GBvvoLO6WW5tr+FZcVluzZbJrIcnaLQVWqP/P5Bmfjspd/GfROAduX
/oR4u9pFSvk=
=O5HV
-----END PGP SIGNATURE-----
participants (3)
- buckley@wti.com
- m5@vail.tivoli.com
- Philippe Nave