No Subject

Marc Horowitz marc at Athena.MIT.EDU
Thu Feb 25 21:36:58 PST 1993

>> (4) About DES.
>>     The data encryption standard is, no doubt in my mind,
>>     quite cracked by NSA. If it is not completely cracked it
>>     is at least very easy to get into by these boys. I have
>>     found that there is too much evidence that NSA has gotten
>>     in to DES pretty well. For starters (not a proof by the
>>     way) the cryptographers who work for NSA spend most of
>>     their time breaking encryption and its pretty mind
>>     boggling to think that no short cuts have been found to
>>     DES by a bunch of dedicated cyptographers. Damn if that
>>     was my job and my field of knowledge i am sure i would
>>     have at least a little short cut of some sort.

I've heard this argument before.  The NSA has a whole lot of people
doing crypto, but (again, with no proof) I can't imagine that they
have whole armies of people dedicated to breaking DES.  The fact is,
there are a lot of very good cryptomathemeticians in academia, who do
publish their results.  Shamir is an excellent example of this.  The
fact is, the best known attack requires 2^37 *chosen* plaintexts, more
if the plaintexts must be ASCII.

I also believe that nobody's security is perfect, and that if
something as big as DES was broken, even at the NSA, we would have
heard about it.  If the world banking industry trusts DES for their
trillions of dollars a day, I'm willing to trust it for my little,
insignificant messages.


More information about the cypherpunks-legacy mailing list