[net.lang.c] DES Breakability / Re: CBenson's Data Encryption Algorithm

phipps@fortune.UUCP (Clay Phipps) (05/03/84)

The notion that the DES is intended to be breakable
by US Government agencies is supported by the surprising use of 56 bits,
rather than the more obvious nearby number, 64, for the key size.  
Just about any machine that stores 56 bits of key conveniently 
is likely to have 8 unused, because of the predominance
of 16, 32, and 64-bit word sizes in current computer architectures.
Much of the early work on DES was carried out by NBS and IBM Research;
56 is certainly not a convenient number of bits for IBM mainframes, but 64 is.

Apparently, the unused 8 bits would have made decryption intractable
even to the US Government (if those bits had been used).

This comment is based on hazily remembered info from draft versions of the DES;
if the key size was expanded to 64 bits in the final standard,
I'm sure that someone will correct me.

-- Clay Phipps

-- 
   {cbosgd decvax!decwrl!amd70 harpo hplabs!hpda ihnp4 sri-unix ucbvax!amd70}
   !fortune!phipps

obrien@randvax.UUCP (05/04/84)

This discussion properly belongs in net.crypt, but as I've recently
heard new info on this I "just had" to post a reply.

I recently asked someone about this who's in a position to know, and he
told me that the NSA believes it would take them 10 years using
top-of-the-line equipment to break a DES message.

The NSA position is a matter of public record in Congressional testimony
of three or four years ago: as presented to them by IBM, the DES algorithm
had holes (very large ones) in it.  They tightened it up, and shortened
the key because it really didn't HAVE to be 64 bits.

For the truly paranoid, the standard specifies an optional double-length
key, which should about take care of any hope of ever decrypting the thing.

Now of course, anyone can believe what they want.  I tended to believe,
myself, that the NSA probably DID cut the key length so that they could
break anything that came their way if they truly wanted to.  Now, I'm not
so sure.  I tend to believe that this fellow was giving me the straight dope.

phil@amd70.UUCP (Phil Ngai) (05/08/84)

Although the NSA may claim it would take them 10 years to break
text encrypted with DES, I would like to point out that there is at
least one IC (I won't say whose) that can encrypt at 1.7 megabytes
per second. That's equivalent to trying 242,857 56-bit keys per second.

60 sec * 60 min * 24 hr * 365 days = 31,536,000 sec
   ---      ---      ---      ----            ----
   min      hr       day      year            year

2 ** 56 = 7.2 x 10 ** 16

If you had 10,000 of these devices operating in parallel you could try
all 2 ** 56 combinations in one year. On the average, you'd get it in 6 months.
If you had a million, you'd get a solution in 2 days.

These calculations are rather simplistic but show what is possible, I think.

Did I mention that AMD got a large order from the NSA recently? Oh, I'm
not supposed to talk about it. (just kidding, everyone)
-- 
Phil Ngai (408) 749-5286 {ucbvax,decwrl,ihnp4,allegra,intelca}!amd70!phil
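
The exhaustive-search estimate from the post above, worked through as an added example (not part of the original thread) and extended to the other key sizes the thread mentions. The per-chip rate and seconds-per-year figure are taken from the post; the function names are hypothetical, and reading the "double-length key" as 112 bits is an assumption.

```python
import math

SECONDS_PER_YEAR = 60 * 60 * 24 * 365   # 31,536,000, as computed in the post
RATE_PER_DEVICE = 242_857               # key trials/sec per chip, figure from the post


def keys_to_try(key_bits, average=False):
    """Keys examined: the whole keyspace, or half of it for the expected case."""
    if key_bits < 1:
        raise ValueError("key_bits must be positive")
    return 2 ** key_bits // (2 if average else 1)


def search_seconds(key_bits, devices, rate=RATE_PER_DEVICE, average=False):
    """Seconds for `devices` chips to sweep the keyspace in parallel.

    Assumes perfect parallelism and no key-setup or plaintext-checking
    overhead, the same simplifications the post makes.
    """
    if devices < 1 or rate <= 0:
        raise ValueError("devices and rate must be positive")
    return keys_to_try(key_bits, average) / (devices * rate)


def devices_needed(key_bits, target_seconds, rate=RATE_PER_DEVICE, average=False):
    """Smallest number of chips that finishes within target_seconds."""
    if target_seconds <= 0 or rate <= 0:
        raise ValueError("target_seconds and rate must be positive")
    return math.ceil(keys_to_try(key_bits, average) / (rate * target_seconds))


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.2f} {unit}"
    return f"{seconds:,.2f} seconds"


if __name__ == "__main__":
    # 56 = DES; 64 = the size the thread says was dropped;
    # 112 = the "double-length key", taken here as 2 x 56 bits (assumption).
    for bits in (56, 64, 112):
        for devices in (10_000, 1_000_000):
            worst = human(search_seconds(bits, devices))
            avg = human(search_seconds(bits, devices, average=True))
            print(f"{bits:>3}-bit key, {devices:>9,} chips: worst {worst}, average {avg}")
        print(f"    chips for a one-year worst case: {devices_needed(bits, SECONDS_PER_YEAR):,}")
```

Each added key bit doubles the work, so the 8 bits between 56 and 64 multiply every figure by 256.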