Firewall Wizards mailing list archives
Re: R: strong encryption for Europeans
From: Bennett Todd <bet () rahul net>
Date: Tue, 25 Nov 1997 14:20:39 -0800
1997-11-25-08:59:19 Stacey Lum:
For instance, simple calculation shows that the number of computers required to crack a 56 bit DES key in a "reasonable amount of time" would require over 10,000 Pentium II 300Mhz calibre computers for a month. This assumes that half the keyspace needs to be searched, all computers are calculating day and night, and each computer cracks about 1.3 million keys per second. Assuming that the prorated cost of the computing time is 3% per $3000 computer for the month, this comes out to $900,000 per successful attack.
On the other hand, it looks like it has been done, and without that big a sweat; one obvious valuation of the effort is $10,000 --- it got done once for that. [1. 2]. But there are more influences that weigh in to this balance; CPU horsepower is getting cheaper _Fast_, and security is plummeting like a rock. Each new Micrososft OS raises the bar; you have to have at least 10 times the CPU and several times the memory to approach the same speed as the previous OS; this fuels the hardware market for faster CPUs. And each new release of MSIE has more horrific nightmarish holes. At this rate, all you'll have to do to crack a DES in seconds is put up a web-page with a HyperActive-X++ widget that runs on any Windows99 PC. Of course since Windows99 takes 5 minutes to start an app on a mere 10,000MIP 886 with 512GB of 2ns SDRAM, most people will run 986es with _real_ memories, and it only takes the spare cycles of 5 of those to crack DES in seconds. This week, DES is indeed likely strong enough to protect ``secrets'' that won't get a devoted, wide-spread, or well-funded effort against them in the next few months. But if your secrets retain any potential value for years, or if they may attract more interest, DES just isn't enough. To summarize the summary, if DES is strong enough to protect your secrets, they don't meed much protecting. Myself, when I don't need a real cryptosystem but just a trivial scrambler, I like compress(1) piped into crypt(1), the old one-rotor Enigma. -Bennett [1] <URL:http://www.rsa.com/des/> [2] <URL:http://www.frii.com/~rcv/deschall.htm>
Current thread:
- Re: R: strong encryption for Europeans, (continued)
- Re: R: strong encryption for Europeans Andreas Siegert (Nov 25)
- Re: R: strong encryption for Europeans Adam Shostack (Nov 25)
- Re: R: strong encryption for Europeans Perry E. Metzger (Nov 25)
- Re: R: strong encryption for Europeans Adam Shostack (Nov 25)
- Re: R: strong encryption for Europeans Adam Shostack (Nov 25)
- Re: R: strong encryption for Europeans Martin W Freiss (Nov 25)
- Re: R: strong encryption for Europeans Andreas Siegert (Nov 25)
- Re: R: strong encryption for Europeans Arjo Mukherjee (Nov 25)
- Re: R: strong encryption for Europeans Bennett Todd (Nov 25)
- Re: R: strong encryption for Europeans Ted Doty (Nov 25)
- Re: R: strong encryption for Europeans Chris Lonvick (Nov 24)
- Re: R: strong encryption for Europeans lum (Nov 25)
- Re: R: strong encryption for Europeans Bennett Todd (Nov 25)
- Re: R: strong encryption for Europeans lum (Nov 25)