Mr. Harris:

I do not intend to use Microsoft Outlook in any other manner than its default manner in terms of quoting text. But I will tell you that I myself do not appreciate the way it functions, and am forced to use it until Evolution (which I have much hope for) can read ".pst" files, and be compatible with MS Exchange calendaring functions which I use extensively on my clients' servers. When that functionality exists, I will join you in cursing Outlook. Doing all the editing involved as you request is simply just too much work.

How about this, since my text is my writing, perhaps I ought to say this. I do not place my words in the public domain. I as their author am choosing to publish them free, while still reserving all redistribution rights. You sir, are granted a license to redistribute and republish my words (in a public electronic forum), if each paragraph and sentence is reproduced in its entirety, and by doing so you grant a full and complete reciprocal license to do so with your words. I do not care where between them you insert your commentary, but I do respectfully request that you reproduce the entirety of what I say. That being said, the email client I use no longer has anything to do with how you may think you can control my creative works (my words); strictly US and international copyright law shall control. If you so choose to reply even once publicly to a statement I make, then you also agree to give permission to publish publicly all responses you may give, even if you do so privately at some point later concerning the same conversation. This is a specific license, constructed specifically for you, as all copyright holders are allowed to license differently to as many parties as they wish their works.

You in fact argued that you quoted me in my entirety, but I would remind you that you did not. If you did, where is the text which follows the comma after "The very honest to g-d truth is not that DES is weak due to a short key length,"?
I would not mind if you had put the remainder of the sentence below the commentary. That would be okay, but you have deleted the remainder of that sentence. See the reply you sent below under "> > Crypto list members:" down below. When you published that reply, portions of my words were absent completely. How you break up my text in replying I do not care, but providing it all, I feel, is quite important, and I request via the license provided above that you do.

Now, in response to your other questions about my reading the article, yes I did. However, you are not taking potential advances of technology into account. In 5 years, we all may have machines with 10 12GHz processors in them, and perhaps there will be contests not unlike those sponsored by the EFF, where millions of computers simultaneously worked to crack a phrase. Perhaps other advances in technology will exceed our current expectations. I am just saying that it's ridiculous to presume an encryption algorithm will be good for a set amount of time, when we have no way to gauge technology. This theory of doubling every 18 months is far from true; it is just that, a theory, and may well prove to be invalid in 3 months anyway. What if Intel and AMD decide their business plans are requisite of churning out 2x current speeds every 3 months? Then what? I would say that from a year and a half ago (given the AMD chips, at speeds of 1.7GHz) that a 450MHz to 500MHz machine is 3 to 4 times in that same time period, and that is now! What will the advancement rate be like in a year? How is the advancement of SMP systems and clustering juxtaposed against that paper? No mention was made about that!

Respectfully, I do not agree with the paper you provided. It makes assumptions which are not based in predictable scientific fact, and even if so, cannot be shown to be an accurate predictor for the future. You did quote me out of context, and that is why I complained. If you include all my words that is one thing; you did not.
Remember it is impossible to be accused of quoting anyone out of context, if you provide all their words. If the short key length in your words, "is not an issue that matters", then perhaps you can tell me why you argued it in the first place? I am choosing to republish this to the list, as I feel that there is information here of good public use, and am desirous of sharing that commentary with the Linux crypto community at large, for proper peer review.

Very Respectfully,

Stuart Blake Tener, IT3, USNR-R, N3GWG
Beverly Hills, California
VTU 1904G (Volunteer Training Unit)
stuart@xxxxxxxxxxx
west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043
east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859

Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!)

JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL.

Saturday, October 06, 2001 7:17 PM

-----Original Message-----
From: Sandy Harris [mailto:sandy@xxxxxxxx]
Sent: Saturday, October 06, 2001 11:07 AM
To: stuart@xxxxxxxxxxx
Subject: Re: des-cbc

"IT3 Stuart B. Tener, USNR-R" wrote:

Replying off-list since I feel there's nothing of general interest to be discussed here. If you feel this discussion belongs on the list, you have my permission to quote me there.

> Mr. Harris:
>
> First off, I'll thank you to quote me in my entirety if you plan to do
> that, otherwise don't quote me at all.

Not a chance. I'll quote enough to give context, no more. See the mailing list etiquette FAQ:

http://www.gweep.ca/~edmonds/usenet/ml-etiquette.html

In particular, the section on quoting:

http://www.gweep.ca/~edmonds/usenet/ml-etiquette.html#SECTION00090000000000000000

Note, incidentally, that it recommends strongly against the quoting style you are using, with your reply at the top followed by the entire message you are replying to.

If, in snipping a post I'm replying to, I quote you out of context, complain then.
It is certainly not my intention to distort what you say. As it happens, I did quote the entire message I was replying to in this case, so I don't know what you are complaining about.

> You simply left off the pertinent
> parts of my initial argument, then in the second paragraph you said just
> what I said, that the key length was too short.
>
> I admit I don't understand the difference between "Inadequate key size is
> the only known practical problem with DES", and the fact that I stated that
> the key length "being short" is relative to the amount of time it takes to
> use a brute force attack.

I don't think there's a difference that matters there.

> Your own justification of 3DES articulates that it
> is strong predicated on what you feel the processing power will be in 3
> years!

I cannot see how you got that notion out of anything I've said.

> Perhaps your arguments about 12GHz machines being fast enough are true,
> but what if those 12GHz machines are worth $50 a pop by then, and someone
> uses 500 of them at one time in a Linux cluster? The impact of a high
> capacity machine does not mean that any person encouraged to break a key
> family via brute force, will do so with a single machine!

You still haven't understood the math here. Did you read the URL I pointed to?

Using 500 machines makes search roughly 500 times faster. Every extra key bit doubles the number of possible keys, so adding 9 key bits makes the brute force search problem 2^9 = 512 times harder.

Enough key bits (perhaps as few as 100, certainly less than 256) make the search impractical for any computer, or any combination of computers, that anyone is the least bit likely to build in this century.

Use a million machines at 1000 GHz each. That's 1 million times one million, or 10^12 times faster than a single 1 MHz machine. 10^3 = 1000 < 1024 = 2^10, so 10^12 is less than 2^40.
Your million fast machines can break a 96-bit key by brute force about as fast as a single 1 MHz machine can break DES. The problem is 2^40 times harder and you have roughly 2^40 times as much power.

Against a 128-bit cipher, they take 2^32 > 4 billion times as long.

Against adequate key length, neither machine speed nor number of machines matters a damn for brute force attacks. You just cannot win when the math is exponential and working against you.

> Very Respectfully,
>
> Stuart Blake Tener, IT3, USNR-R, N3GWG
> Beverly Hills, California
> VTU 1904G (Volunteer Training Unit)
> stuart@xxxxxxxxxxx
> west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043
> east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859
>
> Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's
> free!)
>
> JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL.
>
> Friday, October 05, 2001 11:30 PM
>
> -----Original Message-----
> From: owner-linux-crypto@xxxxxxxxxxxx
> [mailto:owner-linux-crypto@xxxxxxxxxxxx]On Behalf Of Sandy Harris
> Sent: Friday, October 05, 2001 5:59 PM
> To: linux-crypto@xxxxxxxxxxxx
> Subject: Re: des-cbc
>
> "IT3 Stuart B. Tener, USNR-R" wrote:
>
> > Crypto list members:
> >
> > The very honest to g-d truth is not that DES is weak due to a short key
> > length,
>
> Nonsense. Inadequate key size is the only known practical problem with DES.
> Differential and linear cryptanalysis both break it faster than brute force
> in theory, but neither is a practical attack.
>
> The DES keylength was arguably too short when it was designed. Diffie and
> Hellman published a paper in 1977 showing that a keysearch machine that
> would break DES in about 9 hours could be built for $20 million.
>
> > or even broken (which is a lie, it has never been cracked).
>
> Sure it has:
> http://www.eff.org/descracker.html
> http://www.distributed.net/pressroom/DESII-1-PR.html
>
> The EFF machine was essentially the same design as Diffie and Hellman's,
> cost $200-odd thousand, and broke DES in 57 hours.
>
> > Its key
> > length would not be considered short if we were all running 1MHz Z80s
> > again.
> > Key length is a determining factor only when the technology of
> > effectuating
> > a brute force attack in a short period of time has become a low cost
> > choice.
> >
> > Everyone now is saying 3DES is strong, but will we consider it
> > strong in 3
> > years? Even if the algorithm is never found to have been cracked? Of
> > course
> > we will, by then we will all have 12GHz processors, and 3DES will seem the
> > same joke that DES is now.
>
> You don't appear to understand the math. For one explanation, see:
> http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/glossary.html#brute
>
> Going from 1 MHz to 12 GHz is a factor of 12,000. 14 extra key bits make
> a cipher 2^14, about 16,000, times harder to brute force. At least against
> brute force keysearch, 3DES is strong enough.
>
> A meet-in-the-middle attack breaks 3DES in 2^112 encryptions, but that is
> almost certainly large enough to be safe. Also, the attack requires some
> absurd amount of memory.
>
> Linux-crypto: cryptography in and on the Linux system
> Archive: http://mail.nl.linux.org/linux-crypto/
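Harris's key-length arithmetic from the thread (500 machines vs. 9 extra bits, 1 MHz vs. 12 GHz vs. 14 extra bits, a million 1000 GHz machines against 96- and 128-bit keys, the 2^112 meet-in-the-middle cost for 3DES), worked through as an added example that is not part of the original exchange. The one-key-per-clock-cycle simplification and the 10^18 keys/second trial rate are assumptions made here, not figures from the thread.

```python
"""Brute-force keysearch arithmetic: extra key bits versus extra hardware."""
import math
from fractions import Fraction

DES_KEY_BITS = 56


def extra_bits_to_offset(speedup: float) -> float:
    """Extra key bits that cancel a given brute-force speedup.

    Each added bit doubles the keyspace, so the answer is log2(speedup):
    500 machines are worth a little under 9 bits, 12,000x under 14 bits.
    """
    return math.log2(speedup)


def relative_search_time(key_bits: int, machines: int, clock_hz: int,
                         ref_bits: int = DES_KEY_BITS,
                         ref_machines: int = 1,
                         ref_clock_hz: int = 10**6) -> Fraction:
    """Exhaustive-search time for key_bits with the given hardware, as an
    exact multiple of the time a reference setup needs for ref_bits.

    Assumption (ours, not the thread's): every machine tests one key per
    clock cycle, so search speed scales with machines * clock_hz.
    """
    work = Fraction(2 ** key_bits, 2 ** ref_bits)          # keyspace ratio
    power = Fraction(machines * clock_hz, ref_machines * ref_clock_hz)
    return work / power


def years_to_search(key_bits: int, keys_per_second: int) -> float:
    """Worst-case years to try every key at a constant trial rate."""
    seconds = Fraction(2 ** key_bits, keys_per_second)
    return float(seconds / (365 * 24 * 3600))


if __name__ == "__main__":
    print(f"500 machines buy {extra_bits_to_offset(500):.2f} key bits")
    print(f"1 MHz -> 12 GHz buys {extra_bits_to_offset(12_000):.2f} key bits")
    # A million 1000 GHz machines vs. one 1 MHz machine, 96-bit key vs. DES.
    r96 = relative_search_time(96, 10**6, 10**12)
    r128 = relative_search_time(128, 10**6, 10**12)
    print(f"96-bit on the cluster vs DES on 1 MHz: {float(r96):.2f}x")
    print(f"128-bit takes {r128 / r96} times as long as 96-bit")
    # 3DES meet-in-the-middle: 2^112 trials at an assumed 10^18 keys/second.
    print(f"2^112 trials: {years_to_search(112, 10**18):.2e} years")
```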