die@frog.UUCP (Dave Emery) (10/27/84)
<eat this> As someone unversed in cryptology I'd like to ask what may seem like a dumb question, does anybody know whether DES has *actually* been broken ? One hears much speculation about "NSA trap doors" and such, and discussion of some work which suggests the effective key length may be slightly shorter than 56 bits, but I am unaware of any account at all of someone having actually derived a method (short of brute force) of breaking DES encoded messages with only approximately (or partially) known plaintext, or even of obtaining the key given a large plaintext and it's equivalent ciphertext (even for block encipherment with a fixed key). Does anybody know of published or unpublished work that establishes a method of breaking DES in a reasonable amount of real time per key other than brute force milling on gigantic arrays of special processors ? Which leads to my second question, how secure should one assume something enciphered under DES really is ? Does current technology permit organizations with the resources of a say a large corporation (or even the mafia) (many millions to spend, but not billions) to break DES using more or less available hardware (large arrays of chips (standard or semi/full custom) or perhaps fast array processors such as the Cray machines) in under a few months per key ? When will we reach this point if we are not already there ? What impact does using double encipherment (DES-DES) or all the various variations (such as cipher chaining or feedback) of using the text being enciphered to permutate an initial key have on security ? I've heard it said that double encipherment doesn't help much ... why is this so ? Is it ever possible to break a DES class cipher without possessing any plaintext/cipher text pairs at all, by using statistical approaches based on knowlage of the properties of the plaintext being transmitted ? -- ---- David I. Emery Charles River Data Systems 983 Concord St. Framingham, MA 01701 Tel: (617) 626-1102 uucp: ...!decvax!frog!die