ljdickey@watmath.UUCP (Lee Dickey) (11/19/83)
To: news
Subject: Re DES Cracked at Waterloo? : net.crypt
References: <2725@utcsrgv.UUCP>

The article that outer@utcsrgv quoted from the Toronto Star seems to be a copy of the one that appeared in the Kitchener-Waterloo Record last week. The K-W Record got it wrong. Mullin told them so. The K-W Record told him they would not give the wrong scoop to the wire-services. I guess they let it slip anyway. Too bad.

Mullin, Blake, and Vanstone have killed the finite logarithm method for the size 127, (one hour), but do not claim to have mopped up the logarithm problem in its entirety. NO CLAIM has been made by them about cracking DES.

--
Lee Dickey, University of Waterloo. (ljdickey@watmath.UUCP)
...!allegra!watmath!ljdickey ...!ucbvax!decvax!watmath!ljdickey
don@allegra.UUCP (D. Mitchell) (11/06/84)
I would not say that it is easy to break DES. Jim Reeds and I have broken highly weakened versions of DES, but it is certainly very resistant to many sophisticated attacks. The thrust of most modern attacks is either toward group-theoretic analysis of the algorithm or toward elaborate statistical attacks like hidden-Markov-process stuff. I personally believe the latter can break DES, but only with a lot of crunching and a lot of sample text.

Hierarchical key schemes or using some kind of autokey method might be better than the standard NBA "modes". If the enemy does not know some of the plaintext, he must rely on statistical models of the text. Often 70 or 80 percent of the "information" in a message is really known in this way. Such information can be removed by compression. There is a neat correspondence between text compression algorithms and some statistical model of the text. Including random (but not pseudo-random!!!) data in a message in the right way can even throw off a known-plaintext attack. There are a number of papers on this in Crypto 82.

You have to consider who might want to read your messages. Breaking DES is beyond the reach of "hackers", but you might worry about them monitoring your terminal while you type the key. That sort of physical security is often the weakest link.
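An added illustration of the point above about plaintext redundancy (not code from the original post or its author): a general-purpose compressor stands in for the "statistical model of the text", and the fraction of the message it can predict from the message itself is the share of "information" an attacker effectively already knows. The sample plaintext is constructed here; zlib is used as the compressor.

```python
import math
import os
import zlib
from collections import Counter

# Constructed sample plaintext (not from the original post): ordinary,
# somewhat repetitive English prose of the kind a message might contain.
SAMPLE_TEXT = (
    b"The quick brown fox jumps over the lazy dog. " * 4
    + b"Meeting moved to Thursday at ten; please confirm receipt of the agenda. " * 4
    + b"Regards, the committee. " * 4
)


def byte_entropy(data: bytes) -> float:
    """Zeroth-order Shannon entropy in bits per byte.

    8.0 would mean the byte frequencies alone give an attacker nothing;
    English text typically scores well under 5.
    """
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redundancy_estimate(data: bytes) -> float:
    """Fraction of the message a compressor (zlib, level 9) predicts from the
    message itself: 1 - compressed_size / original_size.

    This is the 'known information' a statistical attack gets for free, and
    also what compressing before encryption removes from the plaintext.
    """
    compressed = zlib.compress(data, 9)
    return 1.0 - len(compressed) / len(data)


def compress_then_measure(data: bytes) -> dict:
    """Compress the plaintext, as the post suggests doing before encryption,
    and report how much byte-level structure is left to model."""
    packed = zlib.compress(data, 9)
    return {
        "original_len": len(data),
        "compressed_len": len(packed),
        "redundancy_removed": redundancy_estimate(data),
        "entropy_before": byte_entropy(data),
        "entropy_after": byte_entropy(packed),
    }


if __name__ == "__main__":
    print(compress_then_measure(SAMPLE_TEXT))
    # Genuinely random input has nothing for the compressor to predict.
    print("random-byte redundancy:", round(redundancy_estimate(os.urandom(4096)), 3))
```

Compressed output is not incompressible in the information-theoretic sense, but its byte distribution is far flatter than the original prose, which is the effect the post is after.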