1993-08-11 - Re: How long would it take?

Header Data

From: “Perry E. Metzger” <pmetzger@lehman.com>
To: cypherpunks@toad.com
Message Hash: dd6be03712e30aa69263876b3d0cce9f237e3077814413337d98cc3c08d99346
Message ID: <9308111925.AA03024@snark.shearson.com>
Reply To: <9308111854.AA00246@toxicwaste.MEDIA.MIT.EDU>
UTC Datetime: 1993-08-11 19:27:00 UTC
Raw Date: Wed, 11 Aug 93 12:27:00 PDT

Raw message

From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Wed, 11 Aug 93 12:27:00 PDT
To: cypherpunks@toad.com
Subject: Re: How long would it take?
In-Reply-To: <9308111854.AA00246@toxicwaste.MEDIA.MIT.EDU>
Message-ID: <9308111925.AA03024@snark.shearson.com>
MIME-Version: 1.0
Content-Type: text/plain



Derek Atkins says:
> Breaking IDEA would take a brute force attack (2^128 keys) unless
> something better comes up.

It's generally unwise to make the assumption that the only possible
attack on your conventional scheme is a brute force attack. Certainly
the attacks used on many previous generations of cryptosystems were
never brute force -- and certainly every generation of naive
cryptographer has said "well, using brute force it would take N years
to break my cypher". A simple Vigenere cypher with a 12 letter key
would seem to be very strong indeed (stronger than DES), and yet we
know you can break one in a few moments because there are better
attacks than brute force.

We have surprisingly little in the way of general theory on what would
or would not make a conventional cryptosystem strong.  Certainly
differential cryptanalysis will not be the last thing people come up
with. Until we know everything the NSA knows, I will be hesitant to
say "unless something better comes up" and more comfortable saying
"until something better comes up."

Perry
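
Added example, not part of the original message: the 12-letter Vigenere case mentioned above, worked in Python. The key, the sample message and all function names are constructed for this illustration; the key length is found by index of coincidence and each key letter by a chi-squared fit to English letter frequencies.

```python
from collections import Counter
from string import ascii_uppercase as AZ

# Approximate English letter frequencies in percent, A..Z.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
           4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
           2.36, 0.15, 1.97, 0.07]
# Constructed key and message. 26**12 is about 9.5e16 keys; DES has 2**56.
KEY = "AMBIDEXTROUS"
PLAINTEXT = (
    "The designer of a cipher likes to count keys and then announce how many "
    "years a search of all of them would take. That number says nothing about "
    "the shortcuts an attacker may find. A cipher with a long repeating key "
    "looks strong on paper, since there are more keys than anyone could ever "
    "try one by one. But the attacker does not need to try them. Letters in "
    "ordinary English do not appear at the same rate, and a repeating key "
    "leaves that pattern in every column of the message. Once the length of "
    "the key is known, each column is a simple shift that can be solved on "
    "its own, and the whole key falls out in moments. The lesson is that the "
    "number of keys is only an upper bound on the work. History shows that "
    "ciphers are seldom broken by brute force, and the methods that will "
    "break the ciphers we trust today have not been published yet.")

def vigenere(text, key, sign=1):
    """Encrypt (sign=1) or decrypt (sign=-1); non-letters are dropped."""
    letters = [c for c in text.upper() if c in AZ]
    return "".join(AZ[(AZ.index(c) + sign * AZ.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(letters))

def guess_key_length(ct, max_len=16):
    """With the right length each column is a Caesar cipher, so IoC peaks."""
    def ioc(col):  # chance that two letters drawn from col are the same
        n = len(col)
        return sum(v * (v - 1) for v in Counter(col).values()) / (n * (n - 1))
    return max(range(1, max_len + 1),
               key=lambda L: sum(ioc(ct[i::L]) for i in range(L)) / L)

def guess_key(ct, length):
    """Per column, choose the shift whose letter counts best fit English."""
    def chi2(col, s):
        n = sum(col.values())
        return sum((col[AZ[(j + s) % 26]] - n * f / 100) ** 2 / (n * f / 100)
                   for j, f in enumerate(ENGLISH))
    cols = [Counter(ct[i::length]) for i in range(length)]
    return "".join(AZ[min(range(26), key=lambda s: chi2(c, s))] for c in cols)

if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, KEY)
    print("recovered key:", guess_key(ct, guess_key_length(ct)))
```

The recovery does 16 index-of-coincidence passes and 12 x 26 chi-squared scores over the ciphertext, against a keyspace larger than that of DES.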




