1996-07-25 - Re: Brute Force DES

Header Data

From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
To: cypherpunks@toad.com
Message Hash: aa77fd37b87809821e26878b4f4b8c57900630a8fc6476995167de27bb4b44c0
Message ID: <uH1kRD2w165w@bwalk.dm.com>
Reply To: <199607241617.MAA18214@jekyll.piermont.com>
UTC Datetime: 1996-07-25 02:06:16 UTC
Raw Date: Thu, 25 Jul 1996 10:06:16 +0800

Raw message

From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 25 Jul 1996 10:06:16 +0800
To: cypherpunks@toad.com
Subject: Re: Brute Force DES
In-Reply-To: <199607241617.MAA18214@jekyll.piermont.com>
Message-ID: <uH1kRD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

> 
> The Deviant writes:
> > Buy the point is to prove that DES shouldn't be used, not that it CAN
> > be brute forced.  A known-plaintext attack doesn't show that.  We hafta
> > attack something we've never seen. (i.e. talk Netscape, or some other
> > company, into generating a DES'd message, and keeping the keys safe)
> 
> Known plaintext isn't needed. You just need a plaintext with some
> decent statistical properties.

May I suggest that a better demonstration for the public would be to allow any
person take a pre-determined text (such as "cypherpunks"), encrypt it wtih a
key of their choice (40-bir or 56-bit, depending on what we're trying to prove),
(i.e. demonstrating that some 40-bit key scheme is unsafe may be sufficient )
send the cyphertext to a GruborBot via e-mail or Web page, and get back within
reasonable time the key(s) that were used.  I think this is feasible; whether
it's all lookup table or some lookup and some computation is details.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





Thread