DES Security

Icepick (icepick@pclink.com)
Wed, 16 Apr 1997 08:37:17 -0500


As I was reading in Applied Cryptography book last night, it occured
to me that the DES chapter might have some intresting information,
so I skipped ahead about 200 pages, and read it.

Concerning the the supposed "security" of DES:

(shamelessly ripped from AP 2nd ed, page 300)

12.7 How Secure is DES Today?

The answer is both easy and hard. The easy answer just looks at key
length.
A brute-force DES-cracking machine that can find a key in an average of 3.5
hours cost only $1 million in 1993. DES is so widespread that it is naive
to
pretend that the NSA and its counterparts haven't built such a machine.

...

Winn Schwarau writes that the NSA had built a massively parallel
DES-cracking
machine as early as the mid-1980s. At least one such machine was built
by Harris Corp. with a Cray Y-MP as a front end. Supposedly there are a
series of algorithms that can reduce the complexity of a DES bruite-force
search
by several orders of magnitude. Contextual algorithms, based ont he nnner
workings
of DES, can scrap sets of possible keys based on partial solutions.
Statistical
algorithms reduce the effective key size even further. And other
algorithms
choose likely keys -- words, printable ASCII, and so on--to test. The
rumor is
that the NSA can crack DES in 3 to 15 minutes, depending on how much
preprocessing they can do. And these machines cost only $50,000 each, in
quanity.

(end rip)

Food for thought.

-Josh

my faith my grief my fear my blood my trust my flesh my hate my love
no more no less no fear no need no height no depth too great godspeed
Prove DES is weak, crack DES! http://www.frii.com/~rcv/deschall.htm