[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Time value and 56-bit DES [Re: CAST5-128 was: A little social engineering]

To: ipsec@tis.com
Subject: Time value and 56-bit DES [Re: CAST5-128 was: A little social engineering]
From: jim@mentat.com (Jim Gillogly)
Date: Sat, 21 Jun 97 11:03:58 PDT
Sender: owner-ipsec@ex.tis.com

WSimpson@UMich.edu says:
> > From: Robert Moskowitz <rgm3@chrysler.com>
> > Our Default cypher in the docs is 56bit DES, and I am not inclined to
> > change it.
> >
> Agreed.  If we change the ephemeral keys fast enough, that should be
> good for data with time value of no more than a day or two.

Depends also on the dollar value of the data.  Michael Wiener's carefully
designed hardware DES-cracker (Crypto '94 rump session, I think) would
cost $1M using 1994 technology, and would produce solutions in 3.5 hrs
on average.  I would keep 56-bit DES as the default cipher for now,
have a recommended second cipher (my preference would be 3DES-EDE
because of the available analysis and intellectual property status),
and be prepared to spring to another default if conditions warrant.

Our finding out that someone has built a Wiener Box would be such a
condition.  This week's DES crack is a useful data point, but doesn't
capture the threat from dedicated and specially-designed hardware.

	Jim Gillogly

Follow-Ups:

Re: Time value and 56-bit DES [Re: CAST5-128 was: A little socialengineering]

From: Robert Hettinga <rah@shipwright.com>

Prev by Date: Re: calculating IVs
Next by Date: Re: What price security?
Prev by thread: Timing of the IPSEC meeting
Next by thread: Re: Time value and 56-bit DES [Re: CAST5-128 was: A little socialengineering]
Index(es):
- Main
- Thread