From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Date: Thu, 24 Mar 94 22:40:37 PST
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Insecurity of DES?
Message-ID: <ohYccO200iUxAD4XUA@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


There's been a lot of talk about how "easy" it is to break DES.  As a
mental exercise I decided to see just how difficult it would be for me
if I really wanted to break a DES key.  There are 116 publicly
availiable unix workstations here on campus (DEC 3100s).  Between 12 am
and 8 am, there are rarely more than 50 users on the systems, including
remote users.  I could probably run processes on 50 of the unused
machines for a few hours every night without being too much of a
nuisance.  Assuming I could try a million DES decryption operations a
second on each (gross overestimation), how long would it take to brute
force a DES key?  Let's suppose for sake of argument that I could get
the machines all day:

2^56 keys / 50 cpus / 1,000,000 per second / 60 seconds / 60 minutes / 24 hours

= 16680 days = 45.7 years


Of course, specially-designed hardware would be much faster.