[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Federal Key Registration Agency



>Michael Froomkin writes:
>> I have seen the text of the speech.  The wire service accounts wildly,
>> wildly exaggerate.  This is a non-story...except for AG Reno's assertion
>> that it would take the government a year to break one DES message with a
>> "supercomputer".  She presumably believes this.  ....

At 07:54 AM 6/21/96 -0400, Perry wrote:
>The numbers in the Blaze et al paper are very realistic on this. A
>year is total bull -- not even within several orders of magnitude of
>accuracy.

Actually, it may even be low - Cray-type supercomputers aren't particularly
designed for the bit-twiddling you need to do DES well.  An application-
specific cracking machine can do it several orders of magnitude faster
for a smaller amount of money.  Wiener's design was two orders of magnitude
more cost-effective than the two previous designs (Peter Wayner's content-
addressible-memory design and somebody-from-DEC's GaAs chip design were
both about $50M for a 1-day crack), and those were substantial breakthroughs
when they came out.  

But yes, she's giving out very misleading numbers for what cracking DES 
really costs, and I'd assume she's way too competent to be doing so
by accident - or at least she should be...

As far as Jim Bell's cracking cost estimates go, a Wiener-style machine
would cost about $1M for a 3.5-hour crack, or about 7 keys per day
with known plaintext.  If the on-chip penalty for detecting probable patterns
instead of specific ones is small (e.g. first cut is to accept keys which
have all the high-bits zero, which is 1/256 of the total), you should be
able to do better than three days per crack, especially if it's also not
too expensive to haul the key-schedule out of the chip on the 1/256 hits.
Double the cost if you think there's a random initialization vector,
and do other minor annoying things to the chip design if you're checking
for several popular known plaintexts and other creeping featurism,
and you're still close.  You may be willing to feed the hits from the
first round set of crunching into a more normal computer as well...

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 [email protected]
# http://www.idiom.com/~wcs
#				Dispel Authority!