Re: First place.

Mark Mayo (mark@quickweb.com)
Wed, 16 Apr 1997 12:29:40 -0400


On Wed, Apr 16, 1997 at 08:05:50AM -0700, Justin Wolf wrote:
> Key size, key size... 56-bits has to do with the key size. DES can easily go to 112-bit triple which would be impossible to crack in any reasonable amount of time, even for the government. At such time where 112-bit triple DES became crackable, people would start using something else anyway, like 224-bit quadruple DES or 1024-bit layered RSA or whatever. There's nothing inherently wrong with DES, just the key size which is currently being allowed for export. As far as symmetric algorithms go, it's pretty good. And if you want to make it more difficult to crack use non-standard techniques within the algorithm (sure it's non-standard and there's a chance you'll break it, but someone would have to figure out that you changed the algorithm first).
>
> Remember, chose an encryption technique that will protect the data as long as the data needs to be protected. How many times do you think a secret that needs to be protected for eternity is sent over the internet or allowed outside of the two people (or person) involved? It doesn't get emailed, it gets hand couriered.

And why should I have to pay for a guy to drive up to my company in a large,
fossil fuel burning van just to send confdential data? Do you think it would
be hard to hi-jack that guy in the van? Of course not... I want to be able
to have private data transfer, to anyone I wish to communicte with..

>
> I could go on but, it doesn't really matter anyway. People have opinions which blind them into incoherency.
>

Well, the one point you're missing is that it has be PROVEN that a VLSI
team could build a custom cracking machine (with very modest hardware
requirements) that can crack DES in hours... You can be sure the US
gov. has one (hell, I would if I were in that position!). The problem is
that DES isn't good enough anymore. Now, I do think that the 56-bit RC5
challenge is a different story, since that's a fairly solid algorithm
AFAIK - that challenge is a bit pointless IMHO, since increasing the key
size makes it damn near impossible to crack. Once again: DES is weak.

Of course, it's all pointles since the US gov. won't allow the export
of ANY real cryptography, DES or RC5... that's the real issue. Luckily,
I'm in Canada and my gov. isn't quite so stupid (although I'm sure they
would do something like this if they had DES cracking hardware that they
wanted to protect their investment on...). Still, I feel the blow
of retarded US crypto laws everytime I do business with a US customer.

So, the issue isn't quite so simple, 'nor is the effort pointless.

-Mark

> -Justin
>
> -----Original Message-----
> From: drew@sml.co.jp [SMTP:drew@sml.co.jp]
> Sent: Wednesday, April 16, 1997 12:42 AM
> To: Justin Wolf; 'cmcurtin@research.megasoft.com'; Golan Klinger; rsacrack@vex.net; hackers@freebsd.org; deschall@gatekeeper.megasoft.com
> Subject: RE: First place.
>
> >You actually think that DES is too weak when it takes all the
> >hackers in the known unix world to stage an attempt which has
> >been so far unsuccessful? Hmm... different point of view I guess.
>
> You actually think that the US government doesn't have at least ten
> times the computing power of everyone in this effort put together?
> Hell, they've probably got that much computing power just in people's
> desktop workstations. The fact is, 56-bit keys are useless when up
> against the US Government.
>

-- 
----------------------------------------------------------------------------
 Mark Mayo		  				mark@quickweb.com       
 RingZero Comp.  	  		   http://vinyl.quickweb.com/mark 

finger mark@quickweb.com for my PGP key and GCS code ---------------------------------------------------------------------------- University degrees are a bit like adultery: you may not want to get involved with that sort of thing, but you don't want to be thought incapable. -Sir Peter Imbert