
Re: DES-cracker built




Steve Bellovin writes:
> According to http://www.nytimes.com/library/tech/98/07/biztech/articles/17encrypt.html
> John Gilmore and Paul Kocher have designed and built a DES-cracking
> machine.  It works; the whole project cost just $250,000.
> 
> When is the right time to discuss making a stronger cipher than
> DES mandatory?

Given how long such a debate takes us, starting now is probably a good 
idea.

This means that, sadly, the only algorithm we strongly enough suspect
to be secure is 3DES. More importantly, I suspect the only algorithm
that we could get consensus on would be 3DES. My suggestion,
therefore, would be for us to switch "mandatory" to 3DES, with a
commitment to replacing 3DES with AES eventually. I would suggest
using AES now, but for the fact that it doesn't yet exist.

I'm pretty confident that AES will eventually be a good replacement,
though. Several of the candidates look like exceptionally good ciphers.

My one question is whether, for interoperability with older devices,
we should retain "must implement" for DES (or any cipher that we may
mandate for a while and then drop, like 3DES) into the future. I would 
claim, unfortunately, that "yes" must be an answer to this.

Perry

PS Unfortunately, the recent near attacks on Skipjack by Eli Biham make
me suspect that it is not a reasonable alternative.


