From: doug@netcom.com (Doug Merritt)
Date: Tue, 12 Oct 93 21:16:35 PDT
To: cypherpunks@toad.com
Subject: Re: Breaking DES
In-Reply-To: <pmetzger@lehman.com>
Message-ID: <9310130416.AA25367@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


pmetzger@lehman.com said:
>Each DES block is eight bytes. You can't use hashing -- the idea is
>nonsense in context. Did you read the original post?

Yes, I did. If hashing doesn't work, you'll have to say why not. It's a
technique that works in most other situations.

>First of all, its actually twice that because you really need 16
>bytes.

As I said, we can tackle this if anyone cares to...it's unclear that
this is an invitation, but assuming it is: hashing gives a first-pass
screening good for every 1/256 calculations, given the assumptions I
stated. For each collision more work is needed...but you haven't invited
that analysis, nor addressed it yourself.

>Second of all, the method is still impractical. I was merely
>giving the easiest and most obvious attack on it.

Impractical? Your response to Karl implied that it was *impossible*. If
you wish to apologize to Karl, and say that it is merely "impractical",
then I will agree with you and drop the subject. The expense required
definitely indicates that it is "impractical."

>I see no reason to continue this. I don't think your argument has
>credibility.

Clearly you are preparing to drop the argument because you sense that
your tactic of flaming didn't work. I welcome the lessening of flames,
so thank you for that. We could use less flames here.
	Doug