From: Raph Levien <raph@cs.berkeley.edu>
Date: Sat, 22 Jun 1996 12:23:58 +0800
To: perry@piermont.com
Subject: Re: Federal Key Registration Agency
In-Reply-To: <Pine.SUN.3.94.960620211746.20271D-100000@viper.law.miami.edu>
Message-ID: <31CB030B.6BE0@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> 
> Michael Froomkin writes:
> > I have seen the text of the speech.  The wire service accounts wildly,
> > wildly exaggerate.  This is a non-story...except for AG Reno's assertion
> > that it would take the government a year to break one DES message with a
> > "supercomputer".  She presumably believes this.  We know the number for
> > known plaintext attacks, but assuming you don't have a known plaintext,
> > what's a more reasonable assumption?
> 
> Known plaintext isn't needed for any brute force DES attack. Indeed,
> our own Dave Wagner showed in a paper not that long ago how to
> automate the process of detecting a good key.
> 
> The numbers in the Blaze et al paper are very realistic on this. A
> year is total bull -- not even within several orders of magnitude of
> accuracy.

Further, known plaintext is actually a very reasonable assumption. In 
S/MIME, for example, the first 8-byte block of text is almost certain to 
be 43 6f 6e 74 65 6e 74 2d, (i.e. the string "Content-"). This makes the 
process of analyzing the results trivial.

Raph