[874] in cryptography@c2.net mail archive
Re: DES cracking is making real progress
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed May 21 14:51:15 1997
To: "cryptography@c2.net" <cryptography@c2.net>
In-reply-to: Your message of "Tue, 20 May 1997 18:21:39 EDT."
<199705202221.PAA23328@netcom13.netcom.com>
Reply-To: perry@piermont.com
Date: Wed, 21 May 1997 12:22:24 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Pat Farrell writes:
> The American and UK bankers that I've talked to are quite
> comfortable with DES today. I don't know if breaking one
> key will change that.
They shouldn't be comfortable with DES. In banking, it is easy enough
to determine the actual value of breaking a given key. For a
sufficiently large investment, the paper by Blaze, Diffie, Rivest,
Schneier, Shimomoura, Thompson and Weiner held that you could break
DES keys for an amortized cost of about $40 per key. Therefore, you
mustn't protect anything worth more than $40 with DES. This cost level
will plummet in future years, and since systems deployed today
necessarily have a life for many years to come, it is obvious that DES
is already unsafe for many financial applications.
Incidently, 40 bit systems are even more of a joke, with the same
paper claiming a likely crack cost of 1/10th of a cent per solution --
if your financial data has any value at all, 40 bits is insufficient.
Perry
