[2992] in cryptography@c2.net mail archive
3DES and Skipjack (was Re: Turing Bombe story)
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Fri Jul 17 19:06:24 1998
In-Reply-To: <199807171704.NAA26381@postal.research.att.com>
Date: Fri, 17 Jul 1998 17:19:06 -0400
To: Steve Bellovin <smb@research.att.com>,
"Scott G. Kelly" <skelly@redcreek.com>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: Carl Ellison <cme@acm.org>, Steve Reid <sreid@alpha.sea-to-sky.net>,
Marcus Leech <Marcus.Leech.mleech@nt.com>, cryptography@c2.net
At 1:04 PM -0400 7/17/98, Steve Bellovin wrote:
>In message <35AF7F09.58D0D4FC@redcreek.com>, "Scott G. Kelly" writes:
>> Steve Bellovin wrote:
>> > A DES-cracking machine? Well, it's now been done -- John Gilmore
>> > and Paul Kocher designed and built a brute-force DES cracker.
>> > The project cost $250,000, according to Markoff's story in the
>> > NY Times -- see
>>
>> <trimmed...>
>>
>> Next question: What are the implications for 3DES? How about skipjack?
>
>This particular attack has no implications for either 3DES or Skipjack,
>because it was a brute-force search. 3DES, even at 112 bits, is likely
>out of reach of any exhaustive search. Skipjack, at 80 bits, is another
>matter. Moore's Law says that we'll get a constant-cost successor that
>can tackle 80 bits in ~36 years. But DES was arguably crackable
>over 20 years ago, which means that a well-funded enemy should be able
>to attack Skipjack in ~15 years.
>
>I could go on, but the best thing to do is to read the key length report
>done by Blaze et al. a couple of years ago.
A few years back , when General Paige (?) at DOD was pushing to use
Fortezza/Skipjack for classified data, he was quoted as saying that the NSA
was concerned that it could be broken in 20 years.
Arnold Reinhold
Got Crypto? http://ciphersaber.gurus.com
