Re: Can we kill single DES?

["Perry E. Metzger" <perry@piermont.com>]

"Peter Trei" writes:
> Since it looks like the US government will be allowing the export of 
> 56 bit espionage-enabled software, it's time to kill single DES.

Double plus agreed.

> On this type of processor, it would still take 9133 years to exhaust 
> a 56 bit key space. On the other hand, on 20,000 processors of this
> power it would take less than 6 months. If the target is encrypted
> in a chaining mode with an unknown 8 byte IV, the time more than 
> doubles. 
> 
> Clearly, this goes far beyond the number of cpus available to the 
> members of this list (though well within the power of most governments
> and  many corporations)
> 
> The best idea I've heard for recruiting this many cpu cycles is to create
> a screen saver which does DES-cracking while machines are idle.
> Another incentive is to offer a cash prize to the person(s) who find the
> key.

These are both possibilities.

> 1. Is this a good idea? What will happen if DES becomes perceived
>     as insecure?

Well, I believe that we are better off if the general perception
catches up with reality.

> 2. What is the probability of success required to make it worth doing?

We need 50% success in one month to make it reasonably worthwhile.

> 3. What would be the consequences of failure?

I don't think we will fail :)

> 4. What other platforms than NT/Win95/Pentium should be considered?
>    I could write a Unix demon version, but unless it's tailored for the 
>    cpu, a lot of efficency is lost
>    (The aggregate number of idle cycles available for testing is the 
>   crucial number).

Other CPUs: MC68k, PowerPC, SPARC and Alpha versions, in roughly that
order.

> 5. What's a good target?

Good question :)

> Assume that the program will be a Win95/NT screen saver or 
> Unix deamon.

An X screen saver would also be good. Lots of
Linux/FreeBSD/NetBSD/BSDI weenies in the world.

Perry