1997-01-07 - Re: The Upcoming DES Challenge

Header Data

From: Steve Reid <steve@edmweb.com>
To: Mike Duvos <mpd@netcom.com>
Message Hash: 11147cf9de1d3248b13c40a25a4c7fa450bb5bda742a2d0743a8c7c86786bb1e
Message ID: <Pine.BSF.3.95.970106201656.1932A-100000@bitbucket.edmweb.com>
Reply To: <199701070256.SAA00819@netcom8.netcom.com>
UTC Datetime: 1997-01-07 04:57:31 UTC
Raw Date: Mon, 6 Jan 1997 20:57:31 -0800 (PST)

Raw message

From: Steve Reid <steve@edmweb.com>
Date: Mon, 6 Jan 1997 20:57:31 -0800 (PST)
To: Mike Duvos <mpd@netcom.com>
Subject: Re: The Upcoming DES Challenge
In-Reply-To: <199701070256.SAA00819@netcom8.netcom.com>
Message-ID: <Pine.BSF.3.95.970106201656.1932A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain

> > It looks like there'll be an ascii-plaintext challenge (we won't
> > know the full plaintext - just that it's ascii, and long enough to
> > be unambigious)
> Ick.  Why overly complexify things?  A known plaintext attack would be
> far more straightforward.  After all, the goal is to recover the key,
> not the message.

I think a completely known-plaintext attack would not impress the
masses. Consider how often crypto illiterate programmers implement
ciphers (such as Vigenere variants) which are obviously vulnerable to
known-plaintext attacks. The idea seems to be that if you know the
plaintext, what do you need the key for? _We_ may know better, but I
think we are in the minority.

For a slight increase in the computational requirements, we could end up
with a break that the "DES is good enough" people would have a _much_
harder time downplaying.