1998-07-20 - Re: 3DES weak because DES falls to brute-force? (was Re: John Gilmore…)

Header Data

From: mgraffam@mhv.net
To: Ryan Lackey <rdl@mit.edu>
Message Hash: 0507cc1b6573fae3909230a6dd63e9d430bbf63a7d02e4d6551d27c803c7c05f
Message ID: <Pine.LNX.3.96.980720145402.20197A-100000@ismene>
Reply To: <199807201732.NAA25239@denmark-vesey.MIT.EDU>
UTC Datetime: 1998-07-20 19:17:07 UTC
Raw Date: Mon, 20 Jul 1998 12:17:07 -0700 (PDT)

Raw message

From: mgraffam@mhv.net
Date: Mon, 20 Jul 1998 12:17:07 -0700 (PDT)
To: Ryan Lackey <rdl@mit.edu>
Subject: Re: 3DES weak because DES falls to brute-force? (was Re: John Gilmore...)
In-Reply-To: <199807201732.NAA25239@denmark-vesey.MIT.EDU>
Message-ID: <Pine.LNX.3.96.980720145402.20197A-100000@ismene>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 Jul 1998, Ryan Lackey wrote:

> So, this *highly* optimistic calculation says that even if we are willing to
> assume an *incredible* performance speedup due to better technology and
> vertical integration that continues unabated (and exceeds reality), *and*
> we're willing to wait 1000 years for our answer, *and* are willing to spend
> $20t to build the machine, it is at least 51 years before you should start.

Humrph .. your calculations came in just before I was gonna send mine out
.. bc is a nice utility, ain't it? :)

> While I agree that data intended to remain secure should be secured with
> something other than 3DES, it is for the potential of a breakthrough in 
> algorithms, not speedup in brute force techniques, which is worrisome.

Well, I disagree here.. unless the "something other than 3DES" is an OTP,
of course. I don't see anything that looks better than DES, minus the
key-size issue. DES has had the fiercest analysis done on it for the
longest amount of time. If we are worried about a breakthrough in
the algorithmics, then it seems to me we ought to use DES based on the
fact that it has been analyzed longer, and has proved itself strong.

We've covered the new vs. old algorithm debate here recently, so I'll
shut up.. suffice it to say, I fall in line with the 'old' school.

I don't find it useful to worry about possible new general cryptanalytic
breakthroughs: it is basically impossible to defend against them. In
the face of an attacker who has infinite secret cryptanalytic ability 
(within the bounds of what can be done brute-force wise) only an OTP
would be useful, but we are talking long-term archival here.. I don't
see how an OTP helps us. If we have a secure vault to lock the pads up
in until either a) the heat death of the universe, or b) the Big Crunch
then we may as well just put the plaintext in there and be done with
it. As I see it, OTPs are only workable in communications, and then
obviously in a limited manner.


Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
I think that we should be men first, and subjects afterward. It is not
desirable to cultivate a respect for the law, so much as for the right.
			Henry David Thoreau "Civil Disobedience"
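The brute-force timing argument in the quoted passage (wait for faster hardware or start the search now) can be made concrete. The following Python block is an added example, not part of the original message or of Ryan Lackey's bc calculation: it computes the exhaustive-search time for a 56-bit and a 112-bit effective key space (3DES is limited to about 2^112 work by a meet-in-the-middle attack) and finds the waiting time that minimises "wait + search" when search speed doubles on a fixed period. The key-test rate (10^12 keys/s) and the 18-month doubling period are constructed assumptions, not measurements, and the function names are hypothetical.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
LN2 = math.log(2)


def years_to_exhaust(key_bits, keys_per_second):
    """Years to try every key of a key_bits-bit key space at a fixed rate.
    This is the worst case; on average the key is found after half of it."""
    return 2.0 ** key_bits / keys_per_second / SECONDS_PER_YEAR


def total_time(wait_years, search_years_now, doubling_years):
    """Wait for faster hardware, then search. Total elapsed years if search
    speed doubles every doubling_years (a constructed, Moore's-law style
    assumption; real hardware trends are an input, not a result, here)."""
    return wait_years + search_years_now / 2.0 ** (wait_years / doubling_years)


def optimal_wait(search_years_now, doubling_years):
    """Wait that minimises total_time. Setting the derivative of
    w + T0 * 2^(-w/d) to zero gives w* = d * log2(T0 * ln2 / d); the search
    time remaining at that point is exactly d / ln2 years. If the search
    already finishes in under d / ln2 years, do not wait at all."""
    w = doubling_years * math.log2(search_years_now * LN2 / doubling_years)
    return max(0.0, w)


def report(label, key_bits, keys_per_second, doubling_years):
    """Summarise one key-space size under the given (assumed) rate and trend."""
    t0 = years_to_exhaust(key_bits, keys_per_second)
    w = optimal_wait(t0, doubling_years)
    return {
        "label": label,
        "search_now_years": t0,
        "best_wait_years": w,
        "best_total_years": total_time(w, t0, doubling_years),
    }


if __name__ == "__main__":
    # Constructed figures: a machine testing 10^12 keys/s today, with search
    # speed doubling every 18 months. Neither number comes from the thread.
    RATE, DOUBLING = 1e12, 1.5
    cases = (
        report("DES, 56-bit key", 56, RATE, DOUBLING),
        report("3DES, 2^112 effective (meet-in-the-middle)", 112, RATE, DOUBLING),
    )
    for r in cases:
        print(f"{r['label']}: search now {r['search_now_years']:.3g} y, "
              f"best wait {r['best_wait_years']:.1f} y, "
              f"total {r['best_total_years']:.1f} y")
```

Under these assumed inputs the 56-bit search finishes in under a day, so waiting buys nothing, while the 112-bit search still comes out to roughly seventy years of waiting before starting, which is the same shape of conclusion the quoted calculation reaches with its own (different) inputs. The useful takeaway for a defender is the closed form: once search speed doubles every d years, the attacker's best total time is w* + d/ln2, so the only levers are key size (which sets T0) and how optimistic the doubling period is.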