[868] in cryptography@c2.net mail archive

RE: DES cracking is making real progress

daemon@ATHENA.MIT.EDU (Nelson Minar)
Tue May 20 12:25:41 1997

Date: Tue, 20 May 1997 12:00:14 -0400
From: nelson@media.mit.edu (Nelson Minar)
To: Andy Brown <a.brown@nexor.co.uk>
Cc: "cryptography@c2.net" <cryptography@c2.net>
In-Reply-To: <01BC6535.09AFF5D0@mirage.nexor.co.uk>

>> The DES cracking efforts are making real progress.
>This is doing more harm than good.  The more weeks go by the more people are
>going to assume that DES is fine for today's security needs when in fact there
>are powerful organisations out there with dedicated hardware that can render
>DES useless.

I think it's hard to say for sure whether it's for good or bad. A lot
will depend on how it appears in the media. Unfortunately, I don't
think our side has much sophistication with spin control.

The amount of effort being spent to crack DES by deschall (and its
competitor, solnet) is pretty amazing. My PPro 200 comes in at just
under 1 million keys / second. That means that with the current
software, breaking DES will take on average 1150 Pentium Pro 200
years. That's a hell of a lot of cycles. As Andy Brown points out it
can be done much faster and cheaper with special purpose hardware. But
that hardware doesn't exist in the open.

So what do we do to make the point? The most effective demonstration
would be to build a DES cracking machine in the open, something that
would crack a key in 1 day. But that's expensive. The gamble is that
*any* sort of break of DES will end up sounding like DES is weak. I
don't think it's clear how the story will pay out.

Is single DES still used to protect money transfers?


(I should note that, to me, the more interesting aspect of deschall
and solnet is the manner of its computation. I believe the DES crack
is the largest loosely coordinated distributed computation ever. All
sorts of interesting issues have come up - social factors (how to keep
people committed for five months?), technical factors (keeping the
server running), and crypto factors (protecting from malicious clients).)
