[RC5] Golomb Rulers (was "sexy" projects)

gindrup at okway.okstate.edu gindrup at okway.okstate.edu
Tue Mar 3 13:39:25 EST 1998

     There is no result showing that the security of Triple-DES is any 
     greater than DES.  As a previous note by myself pointed out, doing 
     an attack on an unknown ASCII message requires ~0.3% more effort to 
     brute force than to crack a message with known preamble.
     Anthough it has been shown that DES does not have a group structure, 
     so Triple-DES is inequivalent to DES, it has not been shown that the 
     encryption is any stronger.  Further, it is not (currently) thought 
     likely that Triple-DES is as strong as its keylength would indicate.
     Dual-DES has been shown to be equivalent to another encryption 
     scheme with 64-bit keys, so it's *very unlikely* that Triple-DES 
     gets you more than an equivalent of 72-bits of encryption.
     Regardless of this, if you went by the *legal* minimal requirements 
     for encryption, you'd be stuck with single DES.  If you used what is 
     permissible to export, you'd be using single DES or weaker.  One of 
     the points of attacking DES-II was to show that against a concerted, 
     focussed attack (which D.Net is not) DES is too easy to break.  As a 
     (U.S.) National Standard, it's pretty piss-poor.
     It has been calculated that a direct attack on dedicated hardware 
     could for ~US$10,000 break DES in a few minutes.  To crack multiple 
     messages in parallel on such a machine requires only logarithmic 
     growth in hardware expenditures (with various jumps when cache sizes 
     are exceeded).  So, Dual-DES takes ~0.25 days with such a machine 
     and Triple-DES takes 2 months.  For ~US$100,000, make those seconds, 
     a few minutes, and ~0.25 days.  For ~US1M, make that milliseconds, 
     seconds, and a few minutes,
     Thus, all known DES variants are essentially worthless with current 
     technology if you actually have something worth encrypting.  
     Individuals can throw ~US10k at things.  Affluent individuals and 
     very small corporations can work up ~US100k.  ~US1M requires a 
     medium corporation, a small government, or some wealthy individuals. 
      Medium-sized contries, large corporations and so on can just crack 
     more faster.  Your encryption is worthless and ONE of the points of 
     D.Net attacking the DES challenge was to demonstrate this.
     It was cracked in *idle* time on these computers.  It was handled 
     entirely invisibly.  No mad scientists had to rush around making 
     sure the experimental cracking machine was working.  This was done 
     with (generally older) off-the-shelf technology.  It was done with 
     incomplete platform support (for the early half).  The computing 
     power thrown at this problem isn't much compared to a current 
     It was pointed out during DES-II that one person was trying to get 
     time on a supercomputer in Japan to do DES-II in a couple of days of 
     idle tome on that machine.  It was estimated that in the absenceof 
     I/O, the process would have required ~40 minutes.  This is special 
     purpose hardware, not dedicated DES-tailored hardware.
     DES is meaningless.  A vaguely organized collection of a couple 
     dozen thousand Internet wahoos broke a message in a pitifully short 
     amount of time.  Would you protect a corporate secret with something 
     that could be broken so easily?  Would you try to keep IBM, or MS, 
     or GM, or Fujitsu, or any other large company from knowing your 
     secrets through DES security?  If so, you're an idiot.  These 
     companies can afford the R&D and the fab of dedicated hardware to 
     extract your secret in essentially no time.
     This is what the 45-day disorganized crack of DES-II proved.  It 
     also proved that government encryption legislation is ludicrous.  It 
     proved that distributed computing is not just some silly idea.  It 
     proved that there are people willing to run just about anything on 
     their computers.  It proved that RSA acknowledges our existence.  It 
     proved that idle time is good for more than accelerating the heat 
     death of the universe.  For each contributor, it proved something.  
     And there are widely divided camps on some of these issues.
            -- Eric Gindrup ! gindrup at okway.okstate.edu

______________________________ Reply Separator _________________________________
Subject: Re: [RC5] Golomb Rulers (was "sexy" projects) 
Author:  <rc5 at llamas.net > at SMTP
Date:    3/3/98 9:14 AM

         Yet another thing i've noticed is that cracking DES II was a pretty
useless goal except in the fact that it raised some money for charity.  The 
encryption program I use offers dual or triple DES encryption which would be 
rather difficult to crack without a known block of text.   
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list