[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Insecurity of DES?



There's been a lot of talk about how "easy" it is to break DES.  As a
mental exercise I decided to see just how difficult it would be for me
if I really wanted to break a DES key.  There are 116 publicly
availiable unix workstations here on campus (DEC 3100s).  Between 12 am
and 8 am, there are rarely more than 50 users on the systems, including
remote users.  I could probably run processes on 50 of the unused
machines for a few hours every night without being too much of a
nuisance.  Assuming I could try a million DES decryption operations a
second on each (gross overestimation), how long would it take to brute
force a DES key?  Let's suppose for sake of argument that I could get
the machines all day:

2^56 keys / 50 cpus / 1,000,000 per second / 60 seconds / 60 minutes / 24 hours

= 16680 days = 45.7 years


Of course, specially-designed hardware would be much faster.