1998-10-13 - Re: DESX

Header Data

From: Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller)
To: cypherpunks@sirius.infonex.com
Message Hash: dc064c291e418d3b45b395cc169e6bfde719a7822a60451f217381a9300150e1
Message ID: <m0zTAQ4-0003b7C@ulf.mali.sub.org>
Reply To: <19981010215151.A628@die.com>
UTC Datetime: 1998-10-13 23:41:20 UTC
Raw Date: Wed, 14 Oct 1998 07:41:20 +0800

Raw message

From: Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller)
Date: Wed, 14 Oct 1998 07:41:20 +0800
To: cypherpunks@sirius.infonex.com
Subject: Re: DESX
In-Reply-To: <19981010215151.A628@die.com>
Message-ID: <m0zTAQ4-0003b7C@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain



Dave Emery <die@die.com>:

> 	Anybody have any estimate as to how much actual strength this
> adds to DES ?

You might want to read "The Security of DESX" by Phillip Rogaway in
CryptoBytes Vol. 2 Number 2 (Summer 1996) pp 8-11, which is available
somewhere on RSADSI's web site <URL:http://www.rsa.com> (possibly
<URL:http://www.rsa.com/PUBS/> might be a good starting point) or the
underlying research paper "How to protect DES against exhaustive key
search" by Kilian and Rogaway in CRYPTO '96:

     [The] results don't say that it's impossible to build a machine
     which would break DESX in a reasonable amount of time.  But they
     do imply that such a machine would have to employ some radically
     new idea: it couldn't be a machine implementing a key-search
     attack, in the general sense which we've described.

(Quoted from the CryptoBytes article.)

>                How would one break it in a practical cracker machine ?

Maybe not at all; see above.





Thread