Can we kill single DES?
Mike Duvos
mpd at netcom.com
Wed Oct 2 00:01:11 PDT 1996
Peter Trei writes:
> Since it looks like the US government will be allowing the export of
> 56 bit espionage-enabled software, it's time to kill single DES.
Yes. It's an obsolete cipher with a woefully small key. Only
a catastrophic failure will cause the ABA to undergo religious
enlightenment.
> As some of you will recall, a while back I wondered aloud about the
> feasibility of brute-forcing DES on general purpose machines, ala the
> RC4-40 crack last year.
I'm a firm believer in "work smart, not hard." It might be interesting
to run a wiring diagram of DES through a superoptimizer and see how many
algebraic identities fall out.
An analytical crack that could be published on the Net would be far
more impressive than harnassing gigacycles on every available machine,
which might very well awe the gullible into thinking DES was difficult
to break.
> On this type of processor, it would still take 9133 years to exhaust
> a 56 bit key space. On the other hand, on 20,000 processors of this
> power it would take less than 6 months. If the target is encrypted
> in a chaining mode with an unknown 8 byte IV, the time more than
> doubles.
I can see the headlines now. "Cypherpunks show DES can withstand up
to 9,000 Pentium-years of torture and keep on ticking."
Remember the Law of Unintended Consequences.
--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $
More information about the cypherpunks-legacy
mailing list