Re: Time value and 56-bit DES [Re: CAST5-128 was: A little socialengineering]

[jim@mentat.com (Jim Gillogly)]

Bob Hettinga says:
> > At 2:03 pm -0400 on 6/21/97, Jim Gillogly wrote:
> > Depends also on the dollar value of the data.  Michael Wiener's carefully
> > designed hardware DES-cracker (Crypto '94 rump session, I think) would
> > cost $1M using 1994 technology, and would produce solutions in 3.5 hrs
> > on average.
> 
> Let's see, Moore's law gives us today, three years later than 1994, $250k.
> In three more years, 2000, that's, what? $62.5k? How many keys do think you
> need to crack to, um, amortize, that $62.5k?
>...
> So, why, exactly, do you guys *not* want to default to 3DES?

As Perry Metzger points out, the idea is to get a standard quickly that
the group can agree on.  While DES is not adequate for protecting
individual sessions, it's a first step that would be a severe bar to
anyone hoovering up all Internet traffic and trying to make sense out
of it, especially with frequent key changes -- thus its ubiquitious use
would be a plus for general security.  A specific target isn't safe,
but the collateral damage is limited.

If people want real security, they can use the recommended stronger
cipher.  DES doesn't make the Net go dark to the attacker, but it's a
fairly good shade of gray for a start.

	Jim Gillogly

---

• Prev by Date: Re: ICMP must fragment and IPsec
• Next by Date: Re: How to negotiate key length with ISAKMP?
• Prev by thread: Re: Time value and 56-bit DES [Re: CAST5-128 was: A little socialengineering]
• Next by thread: DES futile?
• Index(es):
  • Main
  • Thread