Time value and 56-bit DES [Re: CAST5-128 was: A little social engineering]

WSimpson@UMich.edu says:
> > From: Robert Moskowitz <rgm3@chrysler.com>
> > Our default cypher in the docs is 56-bit DES, and I am not inclined to
> > change it.
> >
> Agreed.  If we change the ephemeral keys fast enough, that should be
> good for data with time value of no more than a day or two.

Depends also on the dollar value of the data.  Michael Wiener's carefully
designed hardware DES-cracker (Crypto '94 rump session, I think) would
cost $1M using 1994 technology, and would produce solutions in 3.5 hrs
on average.  I would keep 56-bit DES as the default cipher for now,
have a recommended second cipher (my preference would be 3DES-EDE
because of the available analysis and intellectual property status),
and be prepared to spring to another default if conditions warrant.

Our finding out that someone has built a Wiener Box would be such a
condition.  This week's DES crack is a useful data point, but doesn't
capture the threat from dedicated and specially-designed hardware.

	Jim Gillogly