[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DESX



Dave Emery <[email protected]>:

> 	Anybody have any estimate as to how much actual strength this
> adds to DES ?

You might want to read "The Security of DESX" by Phillip Rogaway in
CryptoBytes Vol. 2 Number 2 (Summer 1996) pp 8-11, which is available
somewhere on RSADSI's web site <URL:http://www.rsa.com> (possibly
<URL:http://www.rsa.com/PUBS/> might be a good starting point) or the
underlying research paper "How to protect DES against exhaustive key
search" by Kilian and Rogaway in CRYPTO '96:

     [The] results don't say that it's impossible to build a machine
     which would break DESX in a reasonable amount of time.  But they
     do imply that such a machine would have to employ some radically
     new idea: it couldn't be a machine implementing a key-search
     attack, in the general sense which we've described.

(Quoted from the CryptoBytes article.)

>                How would one break it in a practical cracker machine ?

Maybe not at all; see above.