[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Brute Force DES



"Perry E. Metzger" <[email protected]> writes:

> 
> The Deviant writes:
> > Buy the point is to prove that DES shouldn't be used, not that it CAN
> > be brute forced.  A known-plaintext attack doesn't show that.  We hafta
> > attack something we've never seen. (i.e. talk Netscape, or some other
> > company, into generating a DES'd message, and keeping the keys safe)
> 
> Known plaintext isn't needed. You just need a plaintext with some
> decent statistical properties.

May I suggest that a better demonstration for the public would be to allow any
person take a pre-determined text (such as "cypherpunks"), encrypt it wtih a
key of their choice (40-bir or 56-bit, depending on what we're trying to prove),
(i.e. demonstrating that some 40-bit key scheme is unsafe may be sufficient )
send the cyphertext to a GruborBot via e-mail or Web page, and get back within
reasonable time the key(s) that were used.  I think this is feasible; whether
it's all lookup table or some lookup and some computation is details.

---

<a href="mailto:[email protected]">Dr.Dimitri Vulis KOTM</a>
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps