[comp.misc] DES Busting

Tim_C_May@cup.portal.com (02/25/89)

In a recent posting in comp.misc, friedman@porthos.rutgers.edu states:
>>
>>Not that I agree with Dave's intention of restricting the distribution
>>of the Virus TR.  (I'd love to read a copy)  However, DES is a bad
>>example.  Because the DES algorithm is so well known, it is no longer
>>considered very secure.  Any organization with a fast Cray can crack
>>it in 8-10hrs.  Sure, it's more than you can do with your Apple II, but
>>lots of organizations can do it.

I would like to see some justification for this remark about how easy it
is to bust DES. Diffie and Hellman looked into a "brute force" breaking
of DES such as you describe in 1975 and concluded that a special purpose
"DES-buster" computer could be built with tens of thousands of
one-key-per-microsecond custom chips. They have slightly modified their
estimates, as have others. And it may well be that NSA or others have
built such a box, but this is unknown.

Saying that a Cray can do it in tens of hours is wrong (roughly 10 to the
17th keys need to be examined...figure it from there). There is an
incredible financial incentive to break DES: the banking system bases
its transfers on DES. Maybe some superhacker has indeed done it and just
isn't saying, but there's no evidence that a few dozen hours on a Cray
unlocks the billions of dollars a day of these transfers.

The possibility that DES has built-in weaknesses in the S-boxes, placed
there by the NSA to deliberately weaken DES, is possible but is unsupported
by any solid evidence. Numerous technical papers presented at the Crypto
conferences have reported on searches for such signs of weakness (such as
cycles) and have found none. This doesn't mean it's "strong" of course, only
that nobody has publicly reported a cracking of it.

By the way, the fact that the algorithm is publicly known is part of its
strength and part of its design: the algorithm can be subjected to analysis
that a "secret" algorithm cannot. Some new COMSEC algorithms being pushed
by NIST (formerly NBS) and NSA/NCSC are secret, however.

Understand that I am not claiming DES is the best, or is even particularly
good. Personally I'm more interested in asymmetric (public key) systems, but
their speeds just aren't up to DES-type speeds for raw data transfer.

Timothy C May   Tim_C_May@cup.portal.com
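The arithmetic Tim invites above ("figure it from there"), as an added example that is not part of the original posting: it assumes the 56-bit effective DES key (2^56 keys, the "roughly 10 to the 17th" in the post) and models the Diffie-Hellman machine he cites as custom chips each trying one key per microsecond; the chip counts and the 8-10 hour Cray figure are taken from the thread, not from any measurement.

```python
import math

DES_KEY_BITS = 56          # 64-bit DES key minus 8 parity bits = 56 effective bits
SECONDS_PER_HOUR = 3600.0

def des_keyspace() -> int:
    """Number of distinct DES keys an exhaustive search must consider."""
    return 2 ** DES_KEY_BITS   # 72,057,594,037,927,936, i.e. about 7.2e16

def trials(keys: int, expected: bool) -> float:
    """Keys tried: half the keyspace on average, all of it in the worst case."""
    return keys / 2 if expected else float(keys)

def rate_needed(keys: int, hours: float, expected: bool = True) -> float:
    """Key trials per second a single machine needs to finish in `hours`."""
    return trials(keys, expected) / (hours * SECONDS_PER_HOUR)

def search_hours(keys: int, chips: int, keys_per_sec_per_chip: float,
                 expected: bool = True) -> float:
    """Hours for `chips` parallel engines (Diffie-Hellman style) to search `keys`."""
    total_rate = chips * keys_per_sec_per_chip
    return trials(keys, expected) / total_rate / SECONDS_PER_HOUR

if __name__ == "__main__":
    n = des_keyspace()
    print(f"DES keyspace: 2^{DES_KEY_BITS} = {n:.2e} keys (log10 = {math.log10(n):.1f})")
    # The claim under dispute: a fast Cray finishes in 8-10 hours.
    for h in (8, 10):
        print(f"  finishing in {h:2d} h (expected case) needs {rate_needed(n, h):.2e} keys/s")
    # The special-purpose machine: one key per microsecond per chip (assumed, per the thread).
    for chips in (10_000, 50_000, 1_000_000):
        exp_h = search_hours(n, chips, 1e6)
        worst_h = search_hours(n, chips, 1e6, expected=False)
        print(f"  {chips:>9} chips @ 1e6 keys/s: {exp_h:9.1f} h expected, {worst_h:9.1f} h worst case")
```

The required rate of about 10^12 key trials per second is the figure to compare against any claimed single-machine DES search.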

vinsci@abo.fi (Leonard Norrgard) (02/27/89)

[cross-posted to comp.os.vms & comp.misc]

In article <15057@cup.portal.com>, Tim_C_May@cup.portal.com writes:
> Saying that a Cray can do it in tens of hours is wrong (roughly 10 to the
> 17th keys need to be examined...figure it from there).

  I remember someone stating that DES had been broken over in the USSR,
with a PC, in only a few hours. *IF* my memory serves me right, the algorithm
(cluster-something) was published in one of their journals. Also, in the
message, probably posted in sci.crypt or comp.os.vms (info-vax), the name of
the journal was given.

  I searched my archive, but had no luck. Anyone else remembering this?

-- 
Leonard Norrgaard, vinsci@abo.fi, vinsci@finabo.bitnet, +358-21-654474, EET.

vinsci@abo.fi (Leonard Norrgard) (03/06/89)

In article <5555@abo.fi>, vinsci@abo.fi (Leonard Norrgard) writes:
> [cross-posted to comp.os.vms & comp.misc]
> 
> In article <15057@cup.portal.com>, Tim_C_May@cup.portal.com writes:
>> Saying that a Cray can do it in tens of hours is wrong (roughly 10 to the
>> 17th keys need to be examined...figure it from there).
> 
>   I remember someone stating that DES had been broken over in the USSR,
> with a PC, in only a few hours. *IF* my memory serves me right, the algorithm
> (cluster-something) was published in one of their journals. Also, in the
> message, probably posted in sci.crypt or comp.os.vms (info-vax), the name of
> the journal was given.
> 
>   I searched my archive, but had no luck. Anyone else remembering this?

  The answer showed up in comp.os.vms:

>Newsgroups: comp.os.vms
>Subject: Re: DES Busting
>From: jensen%hsr.uninett@NORUNIX.BITNET ("Tarjei T. Jensen")
>Date: 3 Mar 89 07:20:00 GMT
>
>This is what I found on the spring 87 vax tape. I believe that it also appears
>on the recent Languages and Tools SIG tape.
>===============================================================================
>
>        Data Encryption Standard
>
>        The NSA has announced that the Data Encryption Standard, or
>DES for short, would not be supported when it expired. Various banks
>have pushed for its retention on the grounds that it's secure enough
>for the time being.
>        This is to advise all and sundry that in the 1979 to 1980 period
>there appeared an article in the Proceedings of the Soviet Academy of
>Science giving a simple way of pruning decision trees for DES ciphers
>which describes equivalence classes of keys and allows greatly reduced
>processing to break a DES cipher. The reduction in processing is such
>that breaking a DES cipher would amount to on order 1.5 hours on a
>standard IBM PC. There have been rumors that such a program is in
>circulation and that a copy of it at NSA led to its withdrawal of
>support for DES.
>        Be advised that DES is EXTREMELY likely to be vulnerable and
>that other crypto methods are probably needed to secure data.
>        The Soviet article goes on to give some conditions on the
>factors used for public key encryption which prevent or allow easy
>breaking of those ciphers, so it is probably required reading for anyone
>serious about protecting information.
>

  I suppose that anybody with DES-protected data understands how they should
feel about this.

-- 
Leonard Norrgaard, vinsci@abo.fi, vinsci@finabo.bitnet, +358-21-654474, EET.