0003158580@mcimail.com (William Hugh Murray) (04/11/91)
James Kirkpatrick writes: > - SNEFRU was discussed on this list, but I was dismayed to find it > had been broken, and that Merkle's response was to increase the > number of passes. This worries me because of the experience of > knapsack cryptosystems, where a single-iteration system was first > broken, followed by the introduction of multiple-iteration systems, > which were in turn broken (at least, that is my recollection; I may > have some details wrong). Well, with the same limitations on "details," and without commenting on SNEFRU, the following may be helpful. The DEA is an iterative system. There is a demonstration (Adelman?) that its strength goes up rapidly with the number of iterations, such that at sixteen (the number required by the standard) its strength reaches the point where an analytic attack is as expensive as an exhaustive attack against the key. (My recollection is that Adelman was attempting to demonstrate the power of his analytic attack rather than the strength of the algorithm.) Hellman set out to demonstrate the general inadequacy of the length of the 56 bit DES key; in the process he demonstrated its adequacy for many applications. I have always been grateful to him for his explication of the work required to break it, which is, conversely, a measure of its strength. (It should be noted that while the length of the key in the DES is specified to be 56 bits, the effective key length in DEA implementations is arbitrarily long. For example, IBM uses a 112 bit key in some applications.) While recovering a great deal of ENIGMA encoded traffic, ULTRA demonstrated that, with reasonable key management, ENIGMA is a formidable mechanism. Anything hit with a sufficiently large hammer will fall to pieces. The cost of the hammer is a measure of the strength of the thing. If the cost of the attack exceeds the value of its success, then the thing is economically unbreakable. For most purposes, that is good enough. ____________________________________________________________________ William Hugh Murray email: 315-8580@MCIMAIL.COM Information System Security WHMurray@DOCKMASTER.NCSC.MIL Consultant to Deloitte & Touche MCI-Mail: 315-8580