DESX
Bodo Moeller
Bodo_Moeller at public.uni-hamburg.de
Tue Oct 13 16:41:20 PDT 1998
Dave Emery <die at die.com>:
> Anybody have any estimate as to how much actual strength this
> adds to DES ?
You might want to read "The Security of DESX" by Phillip Rogaway in
CryptoBytes Vol. 2 Number 2 (Summer 1996) pp 8-11, which is available
somewhere on RSADSI's web site <URL:http://www.rsa.com> (possibly
<URL:http://www.rsa.com/PUBS/> might be a good starting point) or the
underlying research paper "How to protect DES against exhaustive key
search" by Kilian and Rogaway in CRYPTO '96:
[The] results don't say that it's impossible to build a machine
which would break DESX in a reasonable amount of time. But they
do imply that such a machine would have to employ some radically
new idea: it couldn't be a machine implementing a key-search
attack, in the general sense which we've described.
(Quoted from the CryptoBytes article.)
> How would one break it in a practical cracker machine ?
Maybe not at all; see above.
More information about the cypherpunks-legacy
mailing list