[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 Security Last Call Initial Questions


	 Date: Wed, 29 Mar 1995 18:55:12 -0500
	 From: "Perry E. Metzger" <perry@imsi.com>

	 >Just to repeat -- any exportable algorithm is too weak to provide any
	 >security. This is the case with all these 40 bit key algorithms. You
	 >can break them over the weekend in your lab.

	 I have heard this but not from what "I" consider the experts (e.g.
	 Bellovin, Karn, Kent, Kaufmann, Eastlake, S. Crocker, Nessett, Tardo,
	 Linn, and others).  

I'm afraid it's a simple matter of arithmetic.

Let's look at Joe Touch's performance numbers.  He got DES speeds
ranging from 20-37 Mbps.  To make the arithmetic easy, let's just say
32 Mbps.  At 64 bits per block, that's .5 M encryptions/second, or 2
microseconds per encryption.  To exhaustively search a 40-bit key
space, we need to do about 10^12 operations.  Assume that the key setup
overhead for an exportable cipher is about 5 DES operations (and that's
an overestimate, in my opinion), or 10^-5 seconds.  That means that a
single processor could search the key space in 10^7 seconds.  Run
this in parallel on 100 idle machines (or hacked machines on a LAN),
and you're done in 10^5 seconds.  That's a bit over one day.

Note that the only real assumption in this analysis is how long it takes to
do one key setup+encryption operation.  Even if I'm off by a factor of
10, it still gives you no privacy protection, though arguably it's
safe for now for authentication, since few sessions last 11.5 days.

		--Steve Bellovin