[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DES-CBC brute forced.

To: trei@process.com
Subject: Re: DES-CBC brute forced.
From: Uri Blumenthal <uri@watson.ibm.com>
Date: Thu, 19 Jun 1997 12:29:08 -0400 (EDT)
Cc: ipsec@tis.com
In-Reply-To: <199706191554.LAA20807@relay.hq.tis.com> from "Peter Trei" at Jun 19, 97 11:57:31 am
Reply-To: uri@watson.ibm.com
Sender: owner-ipsec@ex.tis.com

Peter Trei says:
> This is relevant to the issue of selecting
> bulk encryption algorithms for ESP.
> undertaken outside of government."
> ...................
> Using a technique called "brute-force", computers participating in
> the challenge simply began trying every possible decryption key...
> There are over 72 quadrillion keys (72,057,594,037,927,936).  At the
> time the winning key was reported to RSADSI, the DESCHALL effort had
> searched almost 25% of the total.  At its peak over the recent
> weekend, the DESCHALL effort was testing 7 billion keys per second.
> .....One.  This is the first time anyone has publicly shown that they
> can read a message encrypted with DES....................

What to do depends on how close to DEs you want to stay. There
is DES/SK (in which I have personal interest, as this mod was
designed by me and Steve Bellovin) - it will deny brute force
and make diff/lin attacks more difficult (but not impossible).
There's 3DES for those who don't want to change a single bit
of DES spec (which may or may not be wise, considering the
price paid)...
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>

Follow-Ups:

What price security?

From: "Perry E. Metzger" <perry@piermont.com>

References:

DES-CBC brute forced.

From: "Peter Trei" <trei@process.com>

Prev by Date: RE: ISAKMP Oakley resolution and ipsec doi document questions
Next by Date: test
Next by thread: Re: New draft -- IPSEC AH
Index(es):
- Main
- Thread