1996-07-25 - Data Sources for DES Breaking

Header Data

From: mpd@netcom.com (Mike Duvos)
To: cypherpunks@toad.com
Message Hash: 6c59f053383be58a640042b0c8eedfb0007c167327236d2fb97461c4002a1b72
Message ID: <199607242051.NAA13352@netcom5.netcom.com>
Reply To: N/A
UTC Datetime: 1996-07-25 02:21:07 UTC
Raw Date: Thu, 25 Jul 1996 10:21:07 +0800

Raw message

From: mpd@netcom.com (Mike Duvos)
Date: Thu, 25 Jul 1996 10:21:07 +0800
To: cypherpunks@toad.com
Subject: Data Sources for DES Breaking
Message-ID: <199607242051.NAA13352@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Given that we might embark upon this public demonstration of the
fragility of single DES, what should we use for test data?

If a lone Cypherpunk simply encrypts a file with DES-ECB, hides
the key in a drawer, and publishes the cyphertext and plaintext
for use in a distributed cracking effort, there will of course
be the suggestion that the exercise was rigged, and any public
policy implications will be lost in the endless "Was So/Was Not"
quibbling which will undoubtedly take place after the crack is
complete.

Given that most of the people currently singing the praises of
single DES live in the banking industry, which has so far
resisted all reasonable suggestions that it is time for them to
move to something stronger, it would seem almost obvious that
this crack should be done on some form of live financial data,
such as might be obtained if one were to capture bits passing
over publicly accessible phone lines between various financial
institutions, ATM machines, and centralized computer facilities.

The ideal data would be replete with prepended fixed headers
which could be used as a wedge for a known plaintext attack, and
should be sufficiently sensitive that breaking it will result in
scandalous tabloid headlines and numerous opportunities for
Cypherpunks to promote their policy agenda in the media.

DES is, after all, a prime example of the type of encryption one
gets when the government, rather than the brightest minds in the
private sector, are in charge of determining National Crypto
Policy and mandating the use of "approved" techniques.

I would suggest we obtain the test data for this exercise as soon
as possible, and widely disseminate it on the Net.  There is no
need to wait until we have distributed cracking software ready to
go before doing this, and having the actual data to play with
while munging the code together may lead to some new insights as
to efficient ways to attack the problem.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






Thread