On Fri, 5 Oct 2001, IT3 Stuart B. Tener, USNR-R wrote:
> Key length is a determining factor only when the technology of effectuating
> a brute force attack in a short period of time has become a low cost choice.
Correct. Which is definitely true for single DES. It may not be "broken"
in an abstract technical sense, but in a practical sense it's hopelessly
vulnerable and should not be used for anything that matters. If it's
worth taking the trouble to encrypt your files, it's worth using a
stronger algorithm.
> Everyone now is saying 3DES is strong, but will we consider it strong
> in 3 years? Even if the algorithm is never found to have been cracked?
Yes. Even assuming a (somewhat difficult) meet-in-the-middle attack,
3DES's strength against brute-force key search is is 72057594037927936
times (that is, 2^56 times) the strength of 1DES. That is not a factor
that a few years of computer evolution will overcome. A century from now,
the question will need closer examination, but right now it is not a
realistic concern.
> Of course
> we will, by then we will all have 12GHz processors, and 3DES will seem the
> same joke that DES is now.
No. It will take much more than 12GHz to accomplish that. The ability
to do arithmetic is useful in such discussions.
Henry Spencer
henry@xxxxxxxxxxxxx
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
