[3055] in cryptography@c2.net mail archive
Re: DES Applicability Statement for Historic Status
daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Thu Jul 23 12:52:32 1998
To: William Allen Simpson <wsimpson@greendragon.com>
cc: cryptography@c2.net
In-Reply-To: Message from William Allen Simpson <wsimpson@greendragon.com>
of "Wed, 22 Jul 1998 13:29:07 EDT." <v03130300b1dbcfdb2bef@[207.75.184.71]>
Date: Thu, 23 Jul 1998 10:38:29 -0400
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Bill,
There are several different messages that an "applicability statement"
could deliver.
DES is currently still OK against *many* common threats (e.g., the
"3133t haqer" community) but it clearly cannot resist a determined
adversary with modest resources, and the threshold is clearly dropping
rapidly on all fronts; given the embarrassingly parallel nature of the
problem, attacks using general purpose CPUs are likely speeding up
even faster than a naive application of Moore's Law would predict.
The much greater issue (which an applicability statement should focus
on) is the long-term use of DES.
I think that a much more supportable message is:
1) Protocols should not be tied to specific algorithms, key lengths,
or block sizes.
2) Anyone currently developing or deploying a *new*
application/protocol/system using single-DES (or weaker) is making a
mistake.
3) Anyone using single-DES (or weaker) algorithms (e.g., kerberos v4)
should migrate away from them at a prudent pace.
- Bill
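The "threshold is dropping" argument above can be made quantitative. The following is an added example, not part of the archived message: it models an exhaustive key search as an embarrassingly parallel job (the keyspace split evenly across workers) and extrapolates with a Moore's-Law doubling period to estimate when a given key length stops being a barrier. The key rates, worker counts and doubling period are constructed assumptions, not measurements.

```python
import math


def expected_search_seconds(key_bits: int, keys_per_second: float,
                            workers: int = 1) -> float:
    """Expected time to find a key by exhaustive search.

    On average half the keyspace is tried; the search is embarrassingly
    parallel, so the throughput of independent workers simply adds up.
    """
    if key_bits <= 0 or keys_per_second <= 0 or workers <= 0:
        raise ValueError("key_bits, keys_per_second and workers must be > 0")
    total_rate = keys_per_second * workers
    return (2 ** (key_bits - 1)) / total_rate


def years_until_feasible(key_bits: int, keys_per_second: float,
                         workers: int, budget_seconds: float,
                         doubling_years: float = 1.5) -> float:
    """Years until the expected search fits inside budget_seconds.

    Assumes attacker throughput doubles every doubling_years (a
    Moore's-Law style extrapolation; the message argues real progress
    on parallel search is faster, so treat this as an optimistic bound).
    Returns 0.0 when the search is already within budget.
    """
    now = expected_search_seconds(key_bits, keys_per_second, workers)
    if now <= budget_seconds:
        return 0.0
    doublings = math.ceil(math.log2(now / budget_seconds))
    return doublings * doubling_years


if __name__ == "__main__":
    # Constructed scenario: 1e9 keys/s aggregate, one-day budget,
    # compared across single-DES (56-bit) and a 112-bit effective key.
    one_day = 24 * 3600
    for bits in (56, 112):
        t = expected_search_seconds(bits, 1e6, 1000)
        y = years_until_feasible(bits, 1e6, 1000, one_day)
        print(f"{bits}-bit key: {t / one_day:.1f} days now, "
              f"feasible in a day after ~{y:.1f} years")
```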