Re: Double DES calculations



Hal Finney wrote:

> Most of the time-space tradeoffs that I can think of for a basic MITM
> attack like this are pretty costly.  For example, instead of trying all
> the keys on both sides you could try just half the keys each time.  This
> would take only half as much space but up to four times the time.  You
> could also do some hashing to save space at the cost of false positives
> and more time.  Again, the point is not so much that double DES is weak,
> but more that if its strength is solely due to space costs that gives much
> less of a good feeling than if you had an algorithm that was strong both
> in space and in time.

Agreed, Hal.  I was just pointing out the fallacy of saying that 2-DES
would only take *TWICE* as long to break as 1-DES.  While there are some
tradeoffs that trade space for time, the one virtually constant factor is
monetary cost. Whether it's 300 million drives running for 10+ days to crack
the key, or 10 million for a year or so, the total energy consumed will be
virtually the same. By my calculations, the energy costs alone would be over
half a billion dollars per key.  Not only that, but one of these
hypothetical $1.5 TRILLION "monster crackers" can still only break 30 keys a
year.  (Good reason to generate temporary session keys!)
 
Also, I neglected the "overhead" costs associated, such as periodic
maintenance on all those drives.  Drives in nearly constant use will need
frequent maintenance, especially head cleaning, which is not a trivial task
on 300 million drives.

The only way I can see that this would be cost-effective is to locate it
near a prison (for cheap convict labor) with a cheap power source nearby.
That, or invent a cheaper storage medium than DAT.

In the final analysis, though, you're right.  I'd hate to calculate the cost
to break 3-DES.  Unless you're encrypting a high speed data link in real
time, where utmost throughput is essential, I see no reason to not use that,
or something equally strong.

 /--------------+------------------------------------\
 |              |  Internet: [email protected]   |
 | Dave Sparks  |  Fidonet:  Dave Sparks @ 1:207/212 |
 |              |  BBS:      (909) 353-9821 - 14.4K  |
 \--------------+------------------------------------/
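
An added illustration of the meet-in-the-middle attack and the space-for-time variant discussed in the quoted paragraph; it is not code from either poster. It uses a made-up 32-bit Feistel toy cipher with 12-bit keys (every name and constant here is an assumption, and the cipher is not DES), builds the forward table over one slice of the first key space at a time, and reports cipher operations and peak table size.

```python
from collections import defaultdict

KEY_BITS = 12                 # toy key size (assumption); DES uses 56
N = 1 << KEY_BITS
MASK = 0xFFFF

def _f(half, key, rnd):
    # Toy round function, NOT DES: just enough mixing for the demo.
    x = (half * 0x9E37 + key * 0x79B9 + rnd * 0x1F35) & MASK
    return (x ^ (x >> 7) ^ (x << 3)) & MASK

def enc(key, block):
    l, r = block >> 16, block & MASK
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def dec(key, block):
    l, r = block >> 16, block & MASK
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def double_enc(k1, k2, block):
    return enc(k2, enc(k1, block))

def mitm(pairs, parts=1):
    """Return (candidate key pairs, cipher ops, peak table entries)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    found, ops, peak = [], 0, 0
    step = N // parts
    for start in range(0, N, step):
        table = defaultdict(list)          # middle value -> k1 candidates
        for k1 in range(start, start + step):
            table[enc(k1, p0)].append(k1)
        peak = max(peak, step)
        for k2 in range(N):                # full backward pass per slice
            for k1 in table.get(dec(k2, c0), ()):
                # Second known pair filters out chance matches.
                if all(double_enc(k1, k2, p) == c for p, c in rest):
                    found.append((k1, k2))
        ops += step + N
    return found, ops, peak

# Constructed sample: two known plaintext/ciphertext pairs under a fixed key.
SECRET = (0x5A3, 0xC19)
PAIRS = [(p, double_enc(*SECRET, p)) for p in (0x01234567, 0x89ABCDEF)]

if __name__ == "__main__":
    for parts in (1, 2, 4):
        print(parts, mitm(PAIRS, parts))
```

The operation count excludes the few verification encryptions done on candidate matches.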