Re: Just an interesting cost estimate

Justin Dolske (dolske@cis.ohio-state.edu)
Wed, 28 May 1997 17:43:59 -0400 (EDT)


On Wed, 28 May 1997, Marc Briceno wrote:

> Let us focus on this mantra "$10,000 broke DES. Do not protect anything
> worth over $10,000 with DES."

I disagree. A large number of the people participating are not in it for
the money. If RSA had offered the contest without a prize, there would
still be an attack on it. This also gives a false sense of security about
encryption. For one, alot of data simply does not have a dollar value.
Additionally, this implies that DES is good enough if whatever you're
attacking is worth less than $10,000.

The point of DESCHALL/SolNet isn't to place a dollar-figure cap on the
value of the data you should use DES with. I think the point that applies
here (there are many) is that small keys can be broken by anyone or any
group that so desires. In most cases, the cost of using a larger key is
trivial.

Moral: Unless you have a *specific* reason for using a cipher with a short
key, you should probably be using something else.

Justin Dolske <URL:http://www.cis.ohio-state.edu/~dolske/>
(dolske@cis.ohio-state.edu)
Graduate Fellow / Research Associate at The Ohio State University, CIS Dept.
-=-=-=-=-=-=-=-=-=-=-=-=-=- Random Sig-o-Matic (tm) -=-=-=-=-=-=-=-=-=-=-=-=-
If you are ready to leave father and mother, and brother and sister, and
wife and child and friends, and never see them again - if you have paid
your debts,and made your will, and settled all your affairs, and are a
free man, then you are ready for a walk. -- Thoreau