[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Time value and 56-bit DES [Re: CAST5-128 was: A little social engineering]
> > From: Robert Moskowitz <email@example.com>
> > Our Default cypher in the docs is 56bit DES, and I am not inclined to
> > change it.
> Agreed. If we change the ephemeral keys fast enough, that should be
> good for data with time value of no more than a day or two.
Depends also on the dollar value of the data. Michael Wiener's carefully
designed hardware DES-cracker (Crypto '94 rump session, I think) would
cost $1M using 1994 technology, and would produce solutions in 3.5 hrs
on average. I would keep 56-bit DES as the default cipher for now,
have a recommended second cipher (my preference would be 3DES-EDE
because of the available analysis and intellectual property status),
and be prepared to spring to another default if conditions warrant.
Our finding out that someone has built a Wiener Box would be such a
condition. This week's DES crack is a useful data point, but doesn't
capture the threat from dedicated and specially-designed hardware.