encrypted email software
uri at watson.ibm.com
uri at watson.ibm.com
Sat Jul 10 19:05:03 PDT 1993
peter honeyman says:
> > still around about why it was changed from 64 bit to 56 bit,
> you mean 112 -> 56. this has been resolved -- it seems that longer keys
> don't impose any additional complexity on des attacks. although these
> attacks were discovered by the open crypto community only a few years ago,
> nsa had these techniques in hand long before. the bottom line is that
> additional key bits would not make des more secure. double des or triple
> des do.
Well, first - I believe DES was designed with 64 bit keys in mind,
and then due to some technical (unspecified :-) reasons he key was
shortened to 56 bits (and 56-bit version was submitted to NBS).
While longer key indeed offers little protection against attacks
like differential cryptanalysis - it's hard to argue that it can
blow brute-force attack out of the water... And I'd be somewhat
more concerned about an adversary cracking my DES-encrypted mail
via brute force, than tapping my channel and collecting 2^45 of
plaintext-ciphertext pairs to deduce my DES [randomly selected]
key (:-).
N'est pas?
> it has long been believed that a dedicated des-cracker is within the budget
> of extremely well financed organizations.
Well, of course a government (any government :-) could build such a
thing... After all, don't they get all those tax money? (:-)
--
Regards,
Uri uri at watson.ibm.com scifi!angmar!uri N2RIU
-----------
<Disclamer>
More information about the cypherpunks-legacy
mailing list