[RC5] Golomb Rulers (was "sexy" projects)
gindrup at okway.okstate.edu
Tue Mar 3 13:39:25 EST 1998
There is no result showing that the security of Triple-DES is any
greater than DES. As a previous note by myself pointed out, doing
an attack on an unknown ASCII message requires ~0.3% more effort to
brute force than to crack a message with known preamble.
Although it has been shown that DES does not have a group structure,
so Triple-DES is inequivalent to DES, it has not been shown that the
encryption is any stronger. Further, it is not (currently) thought
likely that Triple-DES is as strong as its keylength would indicate.
Dual-DES has been shown to be equivalent to another encryption
scheme with 64-bit keys, so it's *very unlikely* that Triple-DES
gets you more than an equivalent of 72-bits of encryption.
Regardless of this, if you went by the *legal* minimal requirements
for encryption, you'd be stuck with single DES. If you used what is
permissible to export, you'd be using single DES or weaker. One of
the points of attacking DES-II was to show that against a concerted,
focussed attack (which D.Net is not) DES is too easy to break. As a
(U.S.) National Standard, it's pretty piss-poor.
It has been calculated that a direct attack on dedicated hardware
could for ~US$10,000 break DES in a few minutes. To crack multiple
messages in parallel on such a machine requires only logarithmic
growth in hardware expenditures (with various jumps when cache sizes
are exceeded). So, Dual-DES takes ~0.25 days with such a machine
and Triple-DES takes 2 months. For ~US$100,000, make those seconds,
a few minutes, and ~0.25 days. For ~US1M, make that milliseconds,
seconds, and a few minutes.
Thus, all known DES variants are essentially worthless with current
technology if you actually have something worth encrypting.
Individuals can throw ~US10k at things. Affluent individuals and
very small corporations can work up ~US100k. ~US1M requires a
medium corporation, a small government, or some wealthy individuals.
Medium-sized countries, large corporations and so on can just crack
more faster. Your encryption is worthless and ONE of the points of
D.Net attacking the DES challenge was to demonstrate this.
It was cracked in *idle* time on these computers. It was handled
entirely invisibly. No mad scientists had to rush around making
sure the experimental cracking machine was working. This was done
with (generally older) off-the-shelf technology. It was done with
incomplete platform support (for the early half). The computing
power thrown at this problem isn't much compared to a current
It was pointed out during DES-II that one person was trying to get
time on a supercomputer in Japan to do DES-II in a couple of days of
idle time on that machine. It was estimated that in the absence of
I/O, the process would have required ~40 minutes. This is special
purpose hardware, not dedicated DES-tailored hardware.
DES is meaningless. A vaguely organized collection of a couple
dozen thousand Internet wahoos broke a message in a pitifully short
amount of time. Would you protect a corporate secret with something
that could be broken so easily? Would you try to keep IBM, or MS,
or GM, or Fujitsu, or any other large company from knowing your
secrets through DES security? If so, you're an idiot. These
companies can afford the R&D and the fab of dedicated hardware to
extract your secret in essentially no time.
This is what the 45-day disorganized crack of DES-II proved. It
also proved that government encryption legislation is ludicrous. It
proved that distributed computing is not just some silly idea. It
proved that there are people willing to run just about anything on
their computers. It proved that RSA acknowledges our existence. It
proved that idle time is good for more than accelerating the heat
death of the universe. For each contributor, it proved something.
And there are widely divided camps on some of these issues.
-- Eric Gindrup ! gindrup at okway.okstate.edu
______________________________ Reply Separator _________________________________
Subject: Re: [RC5] Golomb Rulers (was "sexy" projects)
Author: <rc5 at llamas.net > at SMTP
Date: 3/3/98 9:14 AM
Yet another thing I've noticed is that cracking DES II was a pretty
useless goal except in the fact that it raised some money for charity. The
encryption program I use offers dual or triple DES encryption which would be
rather difficult to crack without a known block of text.