Quoting "IT3 Stuart B. Tener, USNR-R" <stuart@xxxxxxxxxxx>: > Perhaps your arguments about a 12GHz machines being fast enough are > true, > but what if those 12GHz machines are worth $50 a pop by then, and > someone > uses 500 of them at one time in a Linux cluster? The impact of a high > capacity machine does not mean that any person encouraged to break a key > family via brute force, will do so with a single machine! > Oh dear. As several people have pointed out, 3DES is 2^56 times harder to brute-force than DES making the machines 100 times faster brings that down to about 2^49 using 500 machines will bring that down to 2^40 If you made the machines 100 MILLION times faster, and used 500 MILLION of them, you would be getting close to the ability anyone has to break 1DES today. This is very easy to calculate - look up "exponential" in a textbook, and you'll stop throwing "500" around as if it were a big number in this context > > Very Respectfully, > > Stuart Blake Tener, IT3, USNR-R, N3GWG > Beverly Hills, California > VTU 1904G (Volunteer Training Unit) > stuart@xxxxxxxxxxx > west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 > east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 > > Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's > free!) > > JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. > > Friday, October 05, 2001 11:30 PM > > -----Original Message----- > From: owner-linux-crypto@xxxxxxxxxxxx > [mailto:owner-linux-crypto@xxxxxxxxxxxx]On Behalf Of Sandy Harris > Sent: Friday, October 05, 2001 5:59 PM > To: linux-crypto@xxxxxxxxxxxx > Subject: Re: des-cbc > > "IT3 Stuart B. Tener, USNR-R" wrote: > > > Crypto list members: > > > > The very honest to g-d truth is not that DES is weak due to a short > key > length, > > Nonsense. Inadequate key size is the only known practical problem with > DES. > Differential and linear cryptanalysis both break it faster than brute > force > in theory, but neither is a practical attack. > > The DES keylength was arguably too short when it was designed. Diffie > and > Hellman published a paper in 1977 showing that a keysearch machine that > would break DES in about 9 hours could be built for $20 million. > > > or even broken (which is a lie, it has never been cracked). > > Sure it has: > http://www.eff.org/descracker.html > http://www.distributed.net/pressroom/DESII-1-PR.html > > The EFF machine was essentially the same design as Diffie and Hellman's, > cost $200-odd thousand, and broke DES in 57 hours. > > > Its key > > length would not be considered short if we were all running 1MHz Z80s > again. > > Key length is a determining factor only when the technology of > effectuating > > a brute force attack in a short period of time has become a low cost > choice. > > > > Everyone now is saying 3DES is strong, but will we consider it > strong in 3 > > years? Even if the algorithm is never found to have been cracked? Of > course > > we will, by then we will all have 12GHz processors, and 3DES will seem > the > > same joke that DES is now. > > You don't appear to understand the math. For one explanation, see: > http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/glossary.html#brute > > Going from 1 MHz to 12 GHz is a factor of 12,000. 14 extra key bits make > a cipher 2^14, about 16,000, times harder to brute force. At least > against > brute force keysearch, 3DES is strong enough. > > A meet-in-the-middle attack breaks 3DES in 2^112 encryptions, but that > is > almost certainly large enough to be safe. Also, the attack requires some > absurd amount of memory. > > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > > > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > -- Andrew McGuinness Luton, UK a.mcguinness@xxxxxxxxxxxx Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/