[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
40 bit work factors (Re: NSA _likes_ strong crypto?)
On May 15, 6:05pm, Peter Trei wrote:
>
> 40 bit encryption is a bad joke = it would take about 2 min on this
> machine for 40 bit DES
Yes, 40 bit encryption is a joke, but one shouldn't
extrapolate exponontially between 56 bit DES and 40 bit encryption.
The work factor will not be less by a factor of 1/65536, but
rather in the same ballpark.
DES is generally faster to search than other ciphers
(5-10 times faster than RC5), so if the 40 bit encryption
is not with DES, 10 minutes would be a more accurate estimate.
As for 40 bit DES, nobody uses DES as is with 16
bits of the key zeroed out. What is more likely is something
like CDMF. A brute force attack on CDMF has about four times
the work the factor of (56 bit DES / 65536). Again 10 minutes
appear more accurate.
Which is not to say that we are not discussing a joke.
And talking about Wiener machines, they are much
faster on DES than most other symmetric ciphers, especially
something like RC5, which had reducing the efficiency
of hardware crackers as a design goal. So, one should
be careful about extrapolating from DES key search rates.
--
Anil Das