[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crack DES in 3.5 hours for only $1,500,000!



>From: [email protected] (John Gilmore)
>Message-Id: <[email protected]>
>Subject: Re: Crack DES in 3.5 hours for only $1,500,000! 
>Date: Fri, 10 Sep 93 02:13:32 -0700

It feels like you're jumping to conclusions, John.  At 40 bits of key, I
don't care how strong an algorithm is.  I can have my network of
SPARCstations try all keys.  NSA chip technology doesn't enter into that
analysis.

Meanwhile, on the death of DES -- what we know is that there's a known
plaintext attack, given the right hardware.

What I've recently heard called a pre-whitening (XOR with PRNG before the
DES) wipes out the known plaintext.  The PRNG doesn't need to be that
strong.  It's protected by DES and vice versa -- Chinese-puzzle style.

Of course, my personal favorite DES variant remains:

	compress|des|tran|des|tran|des

but if you're really paranoid, you could change it to:

	compress|xor|tran|des|tran|des|tran|des

since xor and tran are so cheap.  [des in any mode you prefer -- eg.,
cbc or cfb -- IVs kept secret, of course.]

[For those not reading sci.crypt, tran is an (up to) 8KB transposition
with PRNG keyed from the histogram of the first block of bytes -- code
posted to sci.crypt, mailed by me or avbl by ftp from scss3.cl.msu.edu.]

 - Carl