1998-01-29 - Re: Predicting cipher life / NSA rigged DES? / Destroying encrypted data (Tangent to Re: Burning papers)

Header Data

From: jim@mentat.com (Jim Gillogly)
To: rfarmer@HiWAAY.net
Message Hash: fe6e4878233c097937e79ebf7ab35b1bfcb773a96c7c398461ddce41e166668d
Message ID: <9801290026.AA13035@mentat.com>
Reply To: N/A
UTC Datetime: 1998-01-29 00:34:07 UTC
Raw Date: Thu, 29 Jan 1998 08:34:07 +0800

Raw message

From: jim@mentat.com (Jim Gillogly)
Date: Thu, 29 Jan 1998 08:34:07 +0800
To: rfarmer@HiWAAY.net
Subject: Re: Predicting cipher life / NSA rigged DES? / Destroying encrypted data (Tangent to Re: Burning papers)
Message-ID: <9801290026.AA13035@mentat.com>
MIME-Version: 1.0
Content-Type: text/plain



Randall Farmer wrote:
> Been thinking, most applications for ciphers assume solely based on cipher x's
> keysize that data will be secure for a certain length of time. ...
> My idea ... is averaging the remaining lifetimes in
> analysis-hours of broken ciphers which survived as many person-hours of attack
> as the one in question.

Doesn't seem terribly likely.  Typically ciphers will look strong until
someone discovers a chink.  The chink will sometimes lead to a serious
break, but not always, and not always quickly -- but at that point the
cipher looks weak.  Your best chance at encrypting stuff that needs a
long shelf life is with a cipher that's had a lot of analysis and
plenty of intrinsic key, like 3DES.

> Am I just going crazy, or is it kind of obvious that NSA knew the s-boxes they
> provided for DES weren't secure?

The former.  The S-boxes they replaced were bogus, and the ones they
came up with were good against differential cryptanalysis -- better
than random ones.  There's no a priori reason to believe they knew
about linear cryptanalysis, and in any case Matsui's l.c. attack on DES
is better than brute force only in situations where you have a great
deal of known or chosen plaintext.  So how come you claim they aren't
secure?  DES isn't suitable for long-archived info, but is still OK
for short-lifetime data against a not-too-motivated attacker: its
only known weakness for this application is its key-length, not its
S-boxes.

> Anyhow, these two (or three) values are XORed together to form the key used to
> encrypt the volume. When your adversaries, armed with their trusty rubber
> hoses, come knocking at and/or down your door, you hit a hotkey to start
> destroying those 24 bytes on disk, which can be done faster and more
> effectively than a wipe of every sector in the volume. The folks with the

I like it!

 	Jim Gillogly
	Trewesday, 8 Solmath S.R. 1998, 00:27
	12.19.4.15.17, 8 Caban 15 Muan, Second Lord of Night
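
The scheme in the last quoted paragraph, sketched as an added example that is not from the original message or from either poster: the volume key is the XOR of two shares, and overwriting the small on-disk share is enough to make the key unrecoverable. It assumes one share is stretched from a passphrase with PBKDF2 and the other is 24 random bytes in a file; all function names, the salt and the passphrases are constructed for illustration.

```python
import functools
import hashlib
import os
import secrets
import tempfile

KEY_LEN = 24  # the message mentions 24 bytes on disk

def xor_bytes(*parts: bytes) -> bytes:
    """XOR equal-length shares into one key."""
    if any(len(p) != KEY_LEN for p in parts):
        raise ValueError("every share must be KEY_LEN bytes")
    return bytes(functools.reduce(lambda a, b: a ^ b, col) for col in zip(*parts))

def passphrase_share(passphrase: str, salt: bytes) -> bytes:
    """Assumption: one share is stretched from a passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, KEY_LEN)

def write_synced(f, data: bytes) -> None:
    f.seek(0)
    f.write(data)
    f.flush()
    os.fsync(f.fileno())  # push past the page cache to the device

def volume_key(passphrase: str, salt: bytes, path: str) -> bytes:
    with open(path, "rb") as f:
        return xor_bytes(passphrase_share(passphrase, salt), f.read())

def destroy_disk_share(path: str) -> None:
    """Overwrite in place, sync, unlink. Flash wear-levelling, journals,
    snapshots and backups can still hold old copies of the share."""
    with open(path, "r+b") as f:
        write_synced(f, secrets.token_bytes(KEY_LEN))
    os.remove(path)

def share_explaining(candidate_key: bytes, passphrase: str, salt: bytes) -> bytes:
    """Disk share that would make candidate_key the volume key: once the real
    share is gone, every candidate is equally consistent with the passphrase."""
    return xor_bytes(candidate_key, passphrase_share(passphrase, salt))

def demo():
    salt = b"constructed-salt"  # constructed sample value
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "share.bin")
        with open(path, "wb") as f:
            write_synced(f, secrets.token_bytes(KEY_LEN))  # random on-disk share
        key = volume_key("constructed passphrase", salt, path)
        destroy_disk_share(path)
        return key, not os.path.exists(path)
```

The erase is only as good as the storage layer: if the 24 bytes were ever copied to a backup, swap or a remapped flash block, the passphrase holder can still rebuild the key.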





