From: das@razor.engr.sgi.com (Anil Das)
Date: Fri, 16 May 1997 09:30:34 +0800
To: cypherpunks@algebra.com
Subject: 40 bit work factors (Re: NSA _likes_ strong crypto?)
In-Reply-To: <199705152153.OAA02386@rigel.cyberpass.net>
Message-ID: <9705151817.ZM10492@razor.engr.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On May 15,  6:05pm, Peter Trei wrote:
>
> 40 bit encryption is a bad joke = it would take about 2 min on this
> machine for 40 bit DES

	Yes, 40 bit encryption is a joke, but one shouldn't
extrapolate exponontially between 56 bit DES and 40 bit encryption.
The work factor will not be less by a factor of 1/65536, but
rather in the same ballpark.

	DES is generally faster to search than other ciphers
(5-10 times faster than RC5), so if the 40 bit encryption
is not with DES, 10 minutes would be a more accurate estimate.

	As for 40 bit DES, nobody uses DES as is with 16
bits of the key zeroed out. What is more likely is something
like CDMF. A brute force attack on CDMF has about four times
the work the factor of (56 bit DES / 65536). Again 10 minutes
appear more accurate.

	Which is not to say that we are not discussing a joke.

	And talking about Wiener machines, they are much
faster on DES than most other symmetric ciphers, especially
something like RC5, which had reducing the efficiency
of hardware crackers as a design goal. So, one should
be careful about extrapolating from DES key search rates.

--
Anil Das