1993-09-09 - DES is Dead

Header Data

From: Philip Zimmermann <prz@columbine.cgd.ucar.EDU>
To: cypherpunks@toad.com (Cypherpunks)
Message Hash: 7cb402251a4526cbb3a610e0a5a7cfd67c5c7a7a07041832a285a94a98191c9c
Message ID: <9309091843.AA18068@columbine.cgd.ucar.EDU>
Reply To: N/A
UTC Datetime: 1993-09-09 18:48:12 UTC
Raw Date: Thu, 9 Sep 93 11:48:12 PDT

Raw message

From: Philip Zimmermann <prz@columbine.cgd.ucar.EDU>
Date: Thu, 9 Sep 93 11:48:12 PDT
To: cypherpunks@toad.com (Cypherpunks)
Subject: DES is Dead
Message-ID: <9309091843.AA18068@columbine.cgd.ucar.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
>Date: Thu, 09 Sep 1993 10:23:00 +0000
>From: "Michael (M.J.) Wiener" <wiener@bnr.ca>
>Subject: re:fw:DES is Dead
>To: prz@acm.org
>
>Philip,
>
>I'm pleased that my paper is getting some attention.  However, there
>were a few things in your note below that concerned me.
>
>The first is minor.  My last name is spelt "Wiener" - I've always been
>a little touchy about that.
>
>The second is that not only have we not built this machine, but we
>have no intention of doing so.  To say that the chip is ready for
>fabrication may mislead people about our intentions.  This is
>strictly a detailed paper design.
>
>Finally, I don't think that DES is dead.  After about 15 years of
>public scrutiny, we can conclude that DES is a well designed cipher
>with a well understood limitation (56-bit keys).  A natural
>replacement for it is triple-DES.  Proclaiming the death of DES
>may lead to its being replaced with an entirely new cryptosystem
>(e.g. Skipjack).
>
>I'd appreciate it if you would send a clarification (particularly on
>the second point) to the audience that received the message below.
>
>Thanks,
>
>Mike Wiener
>
>
>>From: Philip Zimmermann <prz@columbine.cgd.ucar.EDU>
>>Subject: Re: DES Key Search Paper (fwd)
>>
>>Michael Weiner presented a paper at Crypto93 that describes a fast DES
>>key search engine that uses a special inside-out DES chip that he designed.
>>This chip takes a single plaintext/ciphertext pair and quickly tries 
>>DES keys until it finds one that produces the given ciphertext from the
>>given plaintext.  Weiner can get these chips made for $10.50 each in quantity,
>>and can build a special machine with 57000 of these chips for $1 million.
>>This machine can exhaust the DES key space in 7 hours, finding a key
>>in 3.5 hours on the average.  He works for Bell Northern Research in 
>>Ottawa, and says they have not actually built this machine, but he has
>>the chip fully designed and ready for fabrication.  
>>
>>This is a stunning breakthrough in the realization of practical DES
>>cracking.  BTW-- note that PEM uses straight 56-bit DES.
>>
>>$1 million     - 3.5 hours
>>$10 miliion    - 21 minutes
>>$100 million   - 2 minutes
>>
>>It is not plausible to me that NSA's budget for examining DES-encrypted
>>traffic is less than $100 million.  Two minutes.  DES is dead, dead, dead.
>>
>> -prz
>>






Thread