Re: DES in real life
Michael Froomkin writes:
> Recognizing that DES is not the best thing out there, but that it is
> better than RC40 and life is a series of cost/benefit tradeoffs and that
That's RC4, and it isn't necessarily better than RC4, especially if
the RC4 key length is reasonable. No one really knows the strength of RC4.
> 1) Suppose you are approached by a corporate client who believes that they
> can get export permission for DES (but nothing stronger, i.e. no 3DES).
> What kind of real-world, non-banking, applications is DES just too weak
> for today?
I'd guess that anyone who considers their messages to be worth more
than a few hundred bucks a pop has cause to worry, because that's the
upper limit on the cost of cracking DES keys these days.
> 2) How long before DES becomes generally unsuitable for (A) corporate
> (B) personal use [please keep the threat model on which this question is
> based in mind -- threats *other than* the US government wiretapping you]?
I'd say it is unsuitable for anything approaching a valued corporate
secret today. Personal use? Well, the threat model there is all
important. Certainly your cousin can't crack DES keys -- yet.
> 3) Do you have a view as to whether DES (A) will and (B) should be
> recertified next time the issue arises?
DES should not be recertified. I have no opinions on what the
government will do.
Perry