[1051] in cryptography@c2.net mail archive
RE: Cracking a DES Message
daemon@ATHENA.MIT.EDU (A. Padgett Peterson P.E. Informati)
Sat Jun 21 16:17:51 1997
Date: Sat, 21 Jun 1997 12:43:52 -0400 (EDT)
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
To: smith@securecomputing.com
CC: cryptography@c2.net
Rick wrote:
2) How does this *really* affect user security today?
Two pieces:
a) effectively it does not affect security. Cost was *far* greater than
$10k since was all volunteer work and most, having done it once, would
probably not bother to do it again.
Given that, *what* key would be worth breaking? Paradigm today is to use
a different symmetric key for each message.
Besides we already knew it was possible, had been telling people that it
would happen and this summer (was about three weeks earlier than I put as
a maximum).
So from a security standpoint nothing is changed.
b) however from a *perceptional* standpoint it is very important once we get
200,000,000 lemmings to charge. From a political standpoint, it came at the
worst possible time: "Given the Privacy Act and the Trade Secrets Act, USC
(memory is second thing to go...), the United States can no longer expect
those infrastructures defined by the President's Commission on Critical
Infrastructure Protection to rely for protection of vital communications
on a code that has been broken..."
Fact is that pornography has nothing to do with national defense and I have
yet to hear of a pornographer that took out a power grid or destroyed
a hospital network, or lost a multi-billion dollar contract to a foreign
corporation.
Misused crypto can offend. Unused crypto can cost lives.
Warmly,
Padgett (UDA)