Re: IPv6 Security Last Call Initial Questions
Date: Wed, 29 Mar 1995 18:55:12 -0500
From: "Perry E. Metzger" <perry@imsi.com>
>Just to repeat -- any exportable algorithm is too weak to provide any
>security. This is the case with all these 40 bit key algorithms. You
>can break them over the weekend in your lab.

I have heard this but not from what "I" consider the experts (e.g.
Bellovin, Karn, Kent, Kaufmann, Eastlake, S. Crocker, Nessett, Tardo,
Linn, and others).

I'm afraid it's a simple matter of arithmetic.

Let's look at Joe Touch's performance numbers. He got DES speeds
ranging from 20-37 Mbps. To make the arithmetic easy, let's just say
32 Mbps. At 64 bits per block, that's .5 M encryptions/second, or 2
microseconds per encryption. To exhaustively search a 40-bit key
space, we need to do about 10^12 operations. Assume that the key setup
overhead for an exportable cipher is about 5 DES operations (and that's
an overestimate, in my opinion), or 10^-5 seconds. That means that a
single processor could search the key space in 10^7 seconds. Run
this in parallel on 100 idle machines (or hacked machines on a LAN),
and you're done in 10^5 seconds. That's a bit over one day.

Note that the only real assumption in this analysis is how long it takes to
do one key setup+encryption operation. Even if I'm off by a factor of
10, it still gives you no privacy protection, though arguably it's
safe for now for authentication, since few sessions last 11.5 days.

--Steve Bellovin