From: Liz Taylor <liz@nym.alias.net>
Date: Tue, 7 Jan 1997 15:15:10 -0800 (PST)
To: cryptography@c2.org
Subject: Re: The Upcoming DES Challenge
Message-ID: <19970107231051.1088.qmail@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


There is nothing unglamorous about a known plaintext attack, if the
plaintext is choosen carefully. I don't know anything about bank ATMs
and the protocols they use, but I presume the PIN is stored on the card
single DES encrypted. If this is so, anyone can take an ATM card, attack it
to recover the key and then use that key to recover the PIN for any stolen
ATM card of that bank (or that branch). Hopefully, the ciphertext/plaintext
pair that RSA announces will be a real target like this, with the actual key
disabled. Once the key is recovered, the press can then claim that ATM
cards are not safe any longer.

On a related note, do you think the key will first be recovered by a
hardware device or by the Great Internet DES Key Search? Hardware is
much faster, but no such device exists in the private/amateur sector
now. Estimates are that it will take 10 months to actually build such
a device. Opinions?