[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DES futile?

> From: "Perry E. Metzger" <perry@piermont.com>
> "William Allen Simpson" writes:
> > Agreed.  If we change the ephemeral keys fast enough, that should be
> > good for data with time value of no more than a day or two.
> I disagree. See the "Big Seven" paper:
> ftp://ftp.research.att.com/dist/mab/keylength.txt
> ftp://ftp.research.att.com/dist/mab/keylength.ps
I've read it.  In some retrospect, you are correct; it not only depends
on the time value of the data, but also the size of the attacker.

Since you are in an industry where a few million $ here and there is no
problem, you are saying that we need a _basic_ protection against large
corporations and major governments?

That is, are you saying we should abandon DES as mandatory?

> > My recommendation is to poke a stick in the sand at CAST5-128.
> Unfortunately, it is too new. I'd say we mandate DES as we do now, and
> recommend 3DES, which has a very solid amount of research behind
> it. CAST is probably a good idea in a couple of years when its been
> beaten up more.
That's why I'd poke a stick in the sand.  A direction.

It sounds to me like you want something "sooner".

> > We could certainly use it for a few years until AES is defined and
> > analysed.  But do we trust the AES process?  Look how NBS/NIST weakened
> > DES from 112 to 56 bit keys 20 years ago!  Folly!
> They didn't weaken it, Bill. It turns out that because of Differential
> Cryptanalysis, LUCIFER had an inherent strenth that was far lower than
> the number of keys. They only made the key length correspond to reality.
Mea Culpa, I went back and re-read Schneier on Lucifer, and you are

Funny how it is the "urban legend" that one remembers most clearly.

I still don't trust secret design criteria and analysis!  Let's remember
that we are designing for the Internet, not the US NIST.  Open, rough
consensus, running code.

    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2