At 5:29 AM 8/22/95, hallam@w3.org wrote:

I think we can probably do DES within two years.

Phill

I strongly doubt it, and may be willing to bet money against it happening. (If "we" means someone or some group on this mailing list. If "we" means the Net, I still doubt it will happen.) If the "idea futures" and betting markets we've talked about here (which exist) ever take off, this may be a way to make some money for someone. For example, if someone was laying 10:1 odds that SSL would not be cracked in 1995.... And for the "do DES" bet, you need to differentiate (no pun intended) between a chosen plaintext attack and a more general attack. The differential cryptanalysis ("DC" gets another overload) method needs chose plaintext to cut the search space down to 2^47 keys. Wiener's hypothesized "million dollar DES cracker" may do the general attack, but I doubt anyone on our mailing list will do it. That is, the number of workstations and even supercomputers which would have to be lashed-together would be, ballpark, about 2^16 times greater than what was lashed-together for the SSL challenge. Maybe a factor of ten could be cut out with increased cleverness. Maybe. Call it a factor of "only" 6000 times harder than the SSL challenge. Hard to imagine this happening in the next two years. Maybe if much of the Net community was energized to run DES crackers instead of Flying Toasters, but a hard effort to organize...for fleeting reward. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."