1993-10-13 - FLAME: breaking DES

Header Data

From: an42035@anon.penet.fi (Shimrod)
To: cypherpunks@toad.com
Message Hash: 672294ae0d214f594ca93d6bf502f511872b68472985018a1fdc5f0198757196
Message ID: <9310132049.AA21296@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1993-10-13 20:51:45 UTC
Raw Date: Wed, 13 Oct 93 13:51:45 PDT

Raw message

From: an42035@anon.penet.fi (Shimrod)
Date: Wed, 13 Oct 93 13:51:45 PDT
To: cypherpunks@toad.com
Subject: FLAME: breaking DES
Message-ID: <9310132049.AA21296@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain

I have been following this argument, and I cannot let this post slide
without comment.

As near as I can tell, Karl pointed out an attack which shows that
double encrypting really doesn't buy you much security over single
encrypting.  Perry has chosen to ridicule this for impracticality.

(Incidentally, I notice a slight error in a followup post by Karl,
undoubtedly a typo on his part.  The number of chosen plaintexts
needed by differential cryptanalysis is 2^47 and not 10^47.  While
still a large number at more than 100 trillion, it is at least much
smaller than 10^47!)

This fact seems to have eluded Perry, despite his apparent expertise.

There are other meet-in-the-middle attacks, such as the one Chaum and
Evertse use against a DES variant (fewer number of rounds), described
in "Cryptanalysis of the DES with a reduced number of rounds" at

The meet-in-the-middle attack Karl posted is by Merkle and Hellman,
from the 1981 paper "On the Security of Multiple Encryption",
Communications of the ACM.  Strange, but I don't recall Perry asking
if Merkle and Hellman were worried that others might think they
beleived this.

Incidentally, the complexity of factoring a 2000 bit number is on the
order of 2.4 X 10^43 steps.

>Whenever Perry Metzger defends an opinion of his well, somebody whines.
>Whenever Perry Metzger disagrees with someone's arguments, someone else
>crys "unfair! He's using his WITS on me!"
>Whenever Perry Metzger has to stop and demonstrate something as simple as
>arithmetic to end an argument, someone cries "foul! sarcasm!  Hey, he's not
>playing nice!"

Well, if Perry were to have the BALLS to make impracticality arguments
against the experts who actually created the protocols and methods,
instead of taking cowardly pot-shots, maybe we wouldn't think he's
full of shit.  The attack is impractical, and if Perry weren't so
strung out he could have written a coherent post stating despite the
cleverness of the attack, it is out-of-reach with today's technology,
with some calculations showing this.

In the 1980 paper by Helleman "A Cryptanalytic Time-Space Tradeoff",
Helleman suggests it is possible to pre-compute and store 2^56
results, and use this information to lookup keys.  Cost: estimated at
$5 million.  (Although this is for singly encrypted text).

Funny, but I don't recall any dissenting papers by Perry on this
subject.  He didn't ask if Helleman really wanted people to think he
beleived this.

>Y'all need to develop slightly thicker skins.  Perry's efforts could serve to 
>raise the thought level of other posters to this list, if they'd stop reacting
>to each prod with an irritated swipe back at the prodder.

First off, Perry Metzger had treated this list to such CYPHERPUNK (?) gems as:

1) his dripping sarcasm
2) posts about theories on government, anarchy, and nazis
3) riduling posts obviously mistakenly sent (one such post with
   several ^H in it)
4) mailing list vs. newsgroup and how he can handle 300 mails a day
   and get work done
5) posts on the wide variety of services banks offer in New York
6) posts on the former libertarian orientation of Rep. Dana Rohrbacher
7) other pointless garbage

If Perry wanted to raise the thought level of other posters, he would
quit posting such bilge.  Ah, but then, he wouldn't be posting at all!

If he would take his BULLSHIT to private email, this list would
improve vastly.  If I missed the cypherpunk content in the above
examples, point it out.

He has a rather inflated ego and is quick to insult others:

>You don't know anything about hashing, then.

So if Perry feels that "you can lead a horse to water but can't make
him think" he could perhaps pull his head out of his ass, wipe the
shit from his eyes and ears, buy a fucking clue at the nearest store,
and shut up.
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.