1993-09-10 - No Subject

Header Data

From: koontzd@lrcs.loral.com (David Koontz )
To: cypherpunks@toad.com
Message Hash: 8d58ee174fc9a092ec430c91828e33f43c6e1fded0296b9962d9eab06d5b50da
Message ID: <9309101558.AA19871@nebula.lrcs.loral.com>
Reply To: N/A
UTC Datetime: 1993-09-10 16:03:48 UTC
Raw Date: Fri, 10 Sep 93 09:03:48 PDT

Raw message

From: koontzd@lrcs.loral.com (David Koontz )
Date: Fri, 10 Sep 93 09:03:48 PDT
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9309101558.AA19871@nebula.lrcs.loral.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: "David LANDGREN, PUB         " <David.D.L.LANDGREN@pub.oecd.fr>
>To: cypherpunks@toad.com
>Subject: ... long live DES (sic)
>Importance: Normal
>Status: R
>
>>>>This chip takes a single plaintext/ciphertext pair and quickly tries
>>>>DES keys until it finds one that produces the given ciphertext from the
>>>>given plaintext.
>
>It's all very well to be able to crack DES in 3.5 hours, but I don't know
>of too many people who obligingly send out the plaintext and cyphertext of
>a message together, or in some other way combinable.  If U can get the
>plaintext of a DES-encrypted msg then U don't need to dick around with DES
>anyway.  No-one ever said it was bulletproof; a direct consequence is that
DES users change their keys awful frequently.

The way to get plaintext is through what is known as revealed-plaintext,
where you can with a high degree of accuracy 'guess' part of the plaintext
of a message, such as "From: Col. Dimwitt" in a message format, or the
title of a paper or document, which is usally unclassified and knowable
from another source.

Fearing such, our illustrious 3 letter governmental organization implemented
with the advent of electronic crypto gear (set your way back machine, sherman)
something called traffic flow security, where on a radio net or dedicated
line a cryptographic stream continously runs.  The idea is to make it
hard to distinguish boundaries of messages, and thus revealed-plaintext.

This also allows the use of the caveat - EFTO (Encrypted For Transmission Only)
seen on unclassified messages, hey the line was otherwise idle, waiting for
classified traffic, right?

Modern communications are swinging toward the use of packets, which beside
allowing traffic analysis unless the transmission medium is denied (Such
as using link encryption as a super encryption, or dedicated lines, etc.).

The way to offset to offset the vulnerability to revealed-plaintext attacks
is to use filling where some random data followed by a sync or start of
message symbol preceeds the the actual message.  All message traffic should
be encrypted in general, making it hard to separate the wheat from the
chaff.  Ideally the only unencrypted data should be that required for
operating the communications protocol, including denial of packet ordering
if possible.

There's a paper found on the NIST anonymous ftp site entitled 'Security in
ISDN' by William E. Burr that can be informative.  Its available in PostScript
and is around 70 pages long.





Thread