[RC5] [Fwd: NIST Credits Deep Crack]

Bryan M. Smith bmsmith at teleport.com
Fri Jan 15 18:47:20 EST 1999


Hey look! Just what all of our work has been for.


----------- Begin Forwarded Message ----------------
Subject: 
        NIST Credits Deep Crack
   Date: 
        Fri, 15 Jan 1999 10:10:02 -0500
   From: 
        John Young <jya at pipeline.com>
     To: 
        cryptography at c2.net




NIST credits Deep Crack as the reason for proposing 
using 3DES in lieu of DES in its new FIPS 46-3 (previously
posted <http://jya.com/nist011599.txt>:

Quote:

    Recently claims have been made of a special-purpose 
hardware based attack on the DES. In light of this most 
recent attack, NIST can no longer support the use of the 
DES for many applications. As with other security tools, 
encryption must balance cost against risk. The recent
brute force exhaustion attack by a ``cracking machine'' 
costing $250,000 took 56 hours to crack a single 
message.

With this special-purpose technology, the average time 
of cracking per message would be twice that, since only 
a quarter of all keys were tested. In some cases this kind 
of attack may not pose an immediate or significant threat
--for example where short-term protection of perishable 
information is desired. However, advances in technology 
are likely to further reduce the average cracking time. 
Therefore, NIST recommends the following:

--For existing systems, develop a prudent transition strategy 
to move to Triple DES. This strategy should match the 
strength of the protective measures against the associated 
risk. Critical systems should receive priority

--When building new systems, use Triple DES to protect 
sensitive, unclassified data

End quote

BTW, we've not been able to access CSRC today to get
the new FIPS. Anybody got the same problem? Miles Smid's
phone has been continually busy as well. Moreover, BXA has
been having problems at its site. Any connection to yesterday's
article in Federal Computer Week about lax standards and 
training for federal webmasters, or just the usual terrorist attack?

---------------- End Forwarded Message ----------------

-- 
Bryan M. Smith
bmsmith at teleport.com
bms047786 at email.com
http://members.tripod.com/~bmsmith/index.html
ICQ# 24750265
PGP key available upon request

 -----------------------------------------------------------
|For a good prime, call: 391581 * 2^216193 -1               |
|                                                           |
|The nice thing about Windows is - It does not just crash,  |
|it displays a dialog box and lets you press 'OK' first.    |
 -----------------------------------------------------------

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list