Re: First place.

Justin Dolske (
Wed, 16 Apr 1997 13:09:41 -0400 (EDT)

On Wed, 16 Apr 1997, Mark Mayo wrote:

> Well, the one point you're missing is that it has be PROVEN that a VLSI
> team could build a custom cracking machine (with very modest hardware
> requirements) that can crack DES in hours...

Yup. This isn't an issue to some people, as they feel the government isn't
a threat to them. An arbitrary group of a few Internet users, however,
should be a threat to just about anyone.

> Now, I do think that the 56-bit RC5
> challenge is a different story, since that's a fairly solid algorithm
> AFAIK - that challenge is a bit pointless IMHO, since increasing the key
> size makes it damn near impossible to crack. Once again: DES is weak.

Just to expand on this... As far as I know, the algorithms for both RC5
and DES are good. The subtle difference is that the Data Encryption
Standard says to use a single 56 bit bit key. Although you can use DES
with multiple passes with different per-pass keys, that's not the Data
Encryption Standard. Subtle but important difference.

> Of course, it's all pointles since the US gov. won't allow the export
> of ANY real cryptography, DES or RC5... that's the real issue.

That's exactly what we're showing, though! If a small number of Internet
users can brute force a 56 bit key, 56 bits is obviously too short to be
of serious use. It's just unfortunate that the US Government just doesn't
seem to understand this.

Justin Dolske <URL:>
Graduate Fellow / Research Associate at The Ohio State University, CIS Dept.
-=-=-=-=-=-=-=-=-=-=-=-=-=- Random Sig-o-Matic (tm) -=-=-=-=-=-=-=-=-=-=-=-=-
74 a3 53 cc 0b 19 (Key to RSA's RC5/12/6 Challenge)