From: ferguson@fiber.sprintlink.net (Paul Ferguson x2044)
Date: Fri, 10 Sep 93 08:23:47 PDT
To: gnu@toad.com
Subject: Cracking DES - A practical implimentation?
Message-ID: <9309101617.AA09158@fiber.sprintlink.net>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 09 Sep 93 16:14:56 -0700,
 <gnu@toad.com> John Gilmore wrote -

> Be the first on your block!
 
No kidding. I just ftp'd the des_key_search.ps file from ftp.eff.org
and browsed through the first few pages (hats off to Michael for a 
fine piece of work). This is indeed an important milestone and will
have an impact on the cryptographic implementations used by banks, etc.
in the very near future. It should be interesting to see what the future
holds ....


> The paper was written as a warning to DES users (bankers) and their
> customers (depositors).  DES is used to protect electronic money
> transfers among banks all over the world.  Several billion dollars per
> day are moved in this way.  Within a day of finishing the machine, a
> criminal could easily pay back the $1.5M in capital.  In the second
> day, they'd have the capital required to build a second machine, and
> in the third day a positive cash flow would begin.  Banks can do 
> nothing to stop this -- if they shut down their comm links, they go
> out of business; if they keep moving money over them, intruders suck
> money out at will.  I recommend not keeping your money in banks...

...and in another communique -

> Oho!  I now suspect why RC2 and RC4 must remain trade-secret...NSA
> doesn't want people to know what particular internal algorithm
> features their brute-force chips are capable of handling!  I recall
> the discussion of how RC2/4 were invented; NSA told the designer
> (since identified as Ron Rivest): "No, this is too big; weaken this
> over here; do fewer rounds here; etc..."  What resulted was suitable
> for NSA brute-force using chips they had readily available.  It's
> possible that simple changes to the algorithm would render it much
> less penetrable by NSA's current hardware.  Ron even knows *which*
> changes, and I encourage him to tell us.

That would be an interesting revelation, wouldn't it? ,-)


_____________________________________________________________________________
Paul Ferguson                                                               
Mindbank Consulting Group                        fergp@sytex.com   
Fairfax, Virginia  USA                           ferguson@icp.net