[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DES_ono



-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 18 Feb 1996, Frank Willoughby wrote:

> Two brief questions about DES, if I may.
> 
> I have heard of a couple of rumours that DES is considered to be fairly weak.  
> Specifically, the rumors mentioned that there were some questions about the 
> design of the S-boxes and the possibility that there was a trap door which 
> would permit the NSA or other gov't agency to quickly obtain the cleartext.

DES has been scrutinized for about 20 years.  If there are any trap doors in
the code, then they were built in very well.  DES is weak because of its short
key length, not because of any flaws in its design.  AFAIK, there is no
efficient way to crack 3des (encrypt, decrypt, encrypt).  3des has a 168-bit
key, so brute-force is not efficient.

>[...]
> 
> Assuming the rumours of the weakness of DES are true, which symmetric
> encryption algorithms would you recommend which are substantially more
> secure than DES (and which are obtainable from Internet or commercial
> sources)?  (It doesn't haver to be exportable).

IDEA and RC4 (with at least 128 bits) seem to be pretty secure.  If you really
don't trust DES or 3DES, IDEA is probably currently the best symmetric
encryption algorithm.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[email protected]              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSdFYrZc+sv5siulAQFclwP8C2KdGYd8ABRC3pTUV3Lvh6BIvq7Nxqf2
JELlEHqipX47PbBZkLSHqJOTFjcVxalZuXi3f0wthfpQXnTCcuo0msjKEyFuZZSp
wxDNysMzLkA5WyXw/XbPOVDgtSSoTNefR6Y3Wz593wkXAtg/GwtL4vjCAQFtKUhb
ngdgaIO9z8o=
=lEht
-----END PGP SIGNATURE-----