1997-05-16 - 40 bit work factors (Re: NSA likes strong crypto?)

Header Data

From: das@razor.engr.sgi.com (Anil Das)
To: cypherpunks@algebra.com
Message Hash: c2ab164513d3a13efde640015d23a0ab12a65ffa4be58027d0a4b6b56c90f5e1
Message ID: <9705151817.ZM10492@razor.engr.sgi.com>
Reply To: <199705152153.OAA02386@rigel.cyberpass.net>
UTC Datetime: 1997-05-16 01:30:34 UTC
Raw Date: Fri, 16 May 1997 09:30:34 +0800

Raw message

From: das@razor.engr.sgi.com (Anil Das)
Date: Fri, 16 May 1997 09:30:34 +0800
To: cypherpunks@algebra.com
Subject: 40 bit work factors (Re: NSA _likes_ strong crypto?)
In-Reply-To: <199705152153.OAA02386@rigel.cyberpass.net>
Message-ID: <9705151817.ZM10492@razor.engr.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On May 15,  6:05pm, Peter Trei wrote:
>
> 40 bit encryption is a bad joke = it would take about 2 min on this
> machine for 40 bit DES

	Yes, 40 bit encryption is a joke, but one shouldn't
extrapolate exponontially between 56 bit DES and 40 bit encryption.
The work factor will not be less by a factor of 1/65536, but
rather in the same ballpark.

	DES is generally faster to search than other ciphers
(5-10 times faster than RC5), so if the 40 bit encryption
is not with DES, 10 minutes would be a more accurate estimate.

	As for 40 bit DES, nobody uses DES as is with 16
bits of the key zeroed out. What is more likely is something
like CDMF. A brute force attack on CDMF has about four times
the work the factor of (56 bit DES / 65536). Again 10 minutes
appear more accurate.

	Which is not to say that we are not discussing a joke.

	And talking about Wiener machines, they are much
faster on DES than most other symmetric ciphers, especially
something like RC5, which had reducing the efficiency
of hardware crackers as a design goal. So, one should
be careful about extrapolating from DES key search rates.

--
Anil Das






Thread