
- *To*: touch@ISI.EDU, hugo@watson.ibm.com
- *Subject*: Re: Breaking 40-bit DES
- *From*: touch@ISI.EDU
- *Date*: Fri, 31 Mar 1995 09:49:55 -0800
- *Cc*: smb@research.att.com, ipsec@ans.net
- *Posted-Date*: Fri, 31 Mar 1995 09:49:55 -0800

Hi, everyone,

The DES numbers I posted were very preliminary, and unfortunately
there was an error in my calculation (factor of 2 over).
(I was doing ballpark estimation).

> I'm afraid it's a simple matter of arithmetic.
>
> Let's look at Joe Touch's performance numbers. He got DES speeds
> ranging from 20-37 Mbps. To make the arithmetic easy, let's just say
> 32 Mbps. At 64 bits per block, that's .5 M encryptions/second, or 2
> microseconds per encryption. To exhaustively search a 40-bit key
> space, we need to do about 10^12 operations. Assume that the key setup
> overhead for an exportable cipher is about 5 DES operations (and that's
> an overestimate, in my opinion), or 10^-5 seconds. That means that a
> single processor could search the key space in 10^7 seconds. Run
> this in parallel on 100 idle machines (or hacked machines on a LAN),
> and you're done in 10^5 seconds. That's a bit over one day.
>
> Note that the only real assumption in this analysis is how long it takes to
> do one key setup+encryption operation. Even if I'm off by a factor of
> 10, it still gives you no privacy protection, though arguably it's
> safe for now for authentication, since few sessions last 11.5 days.
>
>
> --Steve Bellovin

Here are more precise measurements (no variance - just one-shot):

    DESCORE:
                encry    BW      key time
        10/51   5us      12.8    58us
        20/61   4us      16      49us
        20/71   3.1us    20.6    38us

    LIBDES:
        10/51   9.9us    6.4     17.3us
        20/61   8.3us    7.7     14.2us
        20/71   6.5us    9.8     14.2us

So, if you are doing encryption, I'd say 20-30 Mbps is still
realistic (include Alphas and Pentiums, etc).

As to the key time, it depends on what you use, (above).
If you want a single set key and then a single encrypt, the best
thing to use is LIBDES.

Steve's estimate of 5x for key setup (vs. encrypt block) is empirically
very accurate, but note that the above varies widely.

Searching the key space could be done in 14.2us each, which is
right in line with his estimate of 10us (even though *my* math
was the one that was off... :-)

Joe
