1993-09-10 - Re: Crack DES in 3.5 hours for only $1,500,000!

Header Data

From: gnu (John Gilmore)
To: gnu@cygnus.com
Message Hash: 493f654ed55556ab471ec53530f11946affec20bc2f4c5b78a72514f9073a7f7
Message ID: <9309100913.AA23487@toad.com>
Reply To: <9309092314.AA15000@toad.com>
UTC Datetime: 1993-09-10 09:13:41 UTC
Raw Date: Fri, 10 Sep 93 02:13:41 PDT

Raw message

From: gnu (John Gilmore)
Date: Fri, 10 Sep 93 02:13:41 PDT
To: gnu@cygnus.com
Subject: Re: Crack DES in 3.5 hours for only $1,500,000!
In-Reply-To: <9309092314.AA15000@toad.com>
Message-ID: <9309100913.AA23487@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I will have printed copies of the paper at the Cypherpunks meeting
this weekend.  Folks in other locations, please print the PostScript
version from ftp.eff.org:/pub/crypto/des_key_search.ps, rather than
asking me to mail printed copies.

Kudos to Michael Wiener for doing the work, and for making the paper
freely available online!

By the way, with 60,000 chips, it takes 3.5 hours to brute-force a 56
bit key.  If you lop 16 bits off, you lose a factor of ~60,000: it
takes ONE chip a few hours to brute-force it -- or a third of a second
if you use the whole machine.  I wondered where those ``40-bit keys''
came from...

Oho!  I now suspect why RC2 and RC4 must remain trade-secret...NSA
doesn't want people to know what particular internal algorithm
features their brute-force chips are capable of handling!  I recall
the discussion of how RC2/4 were invented; NSA told the designer
(since identified as Ron Rivest): "No, this is too big; weaken this
over here; do fewer rounds here; etc..."  What resulted was suitable
for NSA brute-force using chips they had readily available.  It's
possible that simple changes to the algorithm would render it much
less penetrable by NSA's current hardware.  Ron even knows *which*
changes, and I encourage him to tell us.

	John





Thread