[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [DES] Random vs Linear Keysearch.
Steve Reid wrote:
> > There are methods of protecting against some forms of sabotage:
> > The running XOR of the round 15 output will always ensure that the
> > keyspace has been searched, but requires duplicated work to check,
> > and the half-match method should work well on large blocks; if the
> > half-matches are distributed evenly, there should be a few in each
> > 31 bit chunk.
> Let's consider a worst-case, but entirely possible, scenario:
> The NSA doesn't like what we're doing. They want DES to be seen as strong,
> so they try to disrupt the effort.
> The NSA presumably has a large DES cracking machine. They use this to
> determine the key, then send a message to the servers saying that they've
> searched that space and not found the key. So, because everyone thinks the
> space has already been unsuccessfully searched, that space is avoided and
> the key is never found.
> This not only works for the NSA, but for any organization who can afford
> to brute-force DES and find the key before we do.
> Certainly any organization with a DES cracker wants DES to be considered
> secure. That way, people will continue to use DES and the cracking machine
> will still be of use.
Speaking of the NSA, someone there once said "never underestimate what your enemy is
willing to do to crack your code" (quote approx.), and you can extrapolate from that
"never underestimate the power of disinformation".