[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can FBI/NSA break DES?



Nick's story of the FBI agent telling him about having the NSA crack
DES files found on a PC in a drug case could of course be the agent 
pulling his leg, but it could perfectly well be true.
After all, brute-force may not work well for searching 2**56 randomly-
generated session keys, but it's just fine for searching a million or
so easy-to-remember short stupid keys from dictionaries and such.
It's even faster if you augment your dictionary with the filenames on
the machine, first names of stupid people and the victim's friends,
family, customers, etc.  If Crack can do a good job finding root passwords
for computer-literate sysadmins, it ought to be pretty good at finding
passwords for semi-literate folks as well.

				Bill
# Bill Stewart    [email protected]  +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ  07733-3030