1994-08-03 - DES Flames
Header Data
From: kentborg@world.std.com (Kent Borg)
To: cypherpunks@toad.com
Message Hash: d05bc33da57b2048e1fc0c8e6486d32ad16161c61b5665a898d93de53ad30b39
Message ID: <199408031722.AA10579@world.std.com>
Reply To: N/A
UTC Datetime: 1994-08-03 17:22:56 UTC
Raw Date: Wed, 3 Aug 94 10:22:56 PDT
Raw message
From: kentborg@world.std.com (Kent Borg)
Date: Wed, 3 Aug 94 10:22:56 PDT
To: cypherpunks@toad.com
Subject: DES Flames
Message-ID: <199408031722.AA10579@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain
It seems I made two mistakes.
1) I didn't word my question clearly enough.
2) I posted from my AOL account.
(Note that this is sent from a Genuine Hard to Use Unix
Machine as Terribly Sophisticated Proof the I am not a
Complete Fool...boy, some people are naive.)
I try again.
Given:
1) Some people worry about the strength of DES. (Correct?)
2) DES is within striking distance of a brute-force attack,
this is far-and-away its most serious weakness. (Correct?)
3) 3-DES is nowhere near soon being vulnerable to a
brute-force attack. (Correct?)
It follows then that:
3-DES is a trivial fix of DES' ills. (Correct?)
Now, I repeat my puzzle. If there really was a Great Government
Gnashing of teeth over how to replace DES, what was the problem? Is
it that 3-DES is too good? (But then why the great worry over DES in
the first place? 56-bits is not something easy to break off the
shelf. Are we worried about the French or Japanese or somebody?)
Something doesn't add up here--and it isn't the fact that one of my
six or eight internet addresses is an AOL account.
My tentative answer: DES is *generally* too strong for the TLA's
taste, but specifically 56-bits worth of DES is too little. They were
in a paradox of wanting something the US spooks could read but others
can't. But then why the long delay before back-door systems like
Clipper are rushed out? It still doesn't add up.
Another possible answer: the threat to DES was not its weakness,
rather the combination of its *strength* and the fact that regular
folks would start using it, a la PGP and RIPEM. When it first came
out only banks and stuff were interested, not plain old citizens. In
other words, DES' fault was how strong it is. (ObStupidWarning: Yes,
56-bits is too few to really trust, but 3-DES is a trivial variation.)
-kb, the Kent who no longer has Perry's permission to post
--
Kent Borg +1 (617) 776-6899
kentborg@world.std.com
kentborg@aol.com
Proud to claim 39:30 hours of TV viewing so far in 1994!
Thread
Return to August 1994
- Return to ““Ian Farquhar” <ianf@simple.sydney.sgi.com>”
Return to “kentborg@world.std.com (Kent Borg)”
- 1994-08-03 (Wed, 3 Aug 94 10:22:56 PDT) - DES Flames - kentborg@world.std.com (Kent Borg)
- 1994-08-03 (Wed, 3 Aug 94 15:57:10 PDT) - Re: DES Flames - “Ian Farquhar” <ianf@simple.sydney.sgi.com>