NFR Wizards Archive: Re: R: strong encryption for Europeans

Re: R: strong encryption for Europeans


Bennett Todd (betrahul.net)
Tue, 25 Nov 1997 14:20:39 -0800


1997-11-25-08:59:19 Stacey Lum:

> For instance, simple calculation shows that the number of computers required
> to crack a 56 bit DES key in a "reasonable amount of time" would require over
> 10,000 Pentium II 300MHz calibre computers for a month. This assumes that
> half the keyspace needs to be searched, all computers are calculating
> day and night, and each computer cracks about 1.3 million keys per second.
>
> Assuming that the prorated cost of the computing time is 3% per $3000
> computer for the month, this comes out to $900,000 per successful
> attack.

On the other hand, it looks like it has been done, and without that big
a sweat; one obvious valuation of the effort is $10,000 --- it got done
once for that. [1, 2]. But there are more influences that weigh in to
this balance; CPU horsepower is getting cheaper _Fast_, and security
is plummeting like a rock. Each new Microsoft OS raises the bar; you
have to have at least 10 times the CPU and several times the memory to
approach the same speed as the previous OS; this fuels the hardware
market for faster CPUs. And each new release of MSIE has more horrific
nightmarish holes. At this rate, all you'll have to do to crack a DES in
seconds is put up a web-page with a HyperActive-X++ widget that runs on
any Windows99 PC. Of course since Windows99 takes 5 minutes to start an
app on a mere 10,000MIP 886 with 512GB of 2ns SDRAM, most people will
run 986es with _real_ memories, and it only takes the spare cycles of 5
of those to crack DES in seconds.

This week, DES is indeed likely strong enough to protect ``secrets''
that won't get a devoted, wide-spread, or well-funded effort against
them in the next few months. But if your secrets retain any potential
value for years, or if they may attract more interest, DES just isn't
enough.

To summarize the summary, if DES is strong enough to protect your
secrets, they don't need much protecting. Myself, when I don't need a
real cryptosystem but just a trivial scrambler, I like compress(1) piped
into crypt(1), the old one-rotor Enigma.

-Bennett

[1] <URL:http://www.rsa.com/des/>
[2] <URL:http://www.frii.com/~rcv/deschall.htm>
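
The cost estimate quoted in this message, together with the reply's point that hardware keeps getting cheaper, worked through as an added example (not part of the original message or of either poster's calculations). It generalizes the 56-bit figures to other key lengths; the 18-month price-performance doubling period and the function names are assumptions of this example, while the key rate, machine cost and $10,000 figure come from the message.

```python
import math

SECONDS_PER_MONTH = 30 * 24 * 3600  # 30-day month, machines running day and night


def machines_needed(key_bits, keys_per_sec, months=1.0):
    """Machines required to search half the keyspace in the given time."""
    expected_trials = 2 ** (key_bits - 1)  # on average half the keys are tried
    per_machine = keys_per_sec * SECONDS_PER_MONTH * months
    return math.ceil(expected_trials / per_machine)


def attack_cost(key_bits, keys_per_sec, cost_per_machine_month, months=1.0):
    """Prorated hardware cost in dollars of one expected successful search."""
    n = machines_needed(key_bits, keys_per_sec, months)
    return n * cost_per_machine_month * months


def years_until_affordable(key_bits, keys_per_sec, cost_per_machine_month,
                           budget, doubling_months=18.0):
    """Years until the attack cost falls to `budget`, if keys/sec per dollar
    doubles every `doubling_months` (an assumed rate, not from the message)."""
    cost_now = attack_cost(key_bits, keys_per_sec, cost_per_machine_month)
    if cost_now <= budget:
        return 0.0
    return math.log2(cost_now / budget) * doubling_months / 12.0


if __name__ == "__main__":
    rate = 1.3e6           # keys/sec per machine, from the quoted message
    monthly = 0.03 * 3000  # 3% of a $3000 computer per machine-month
    for bits in (40, 56, 64, 80, 128):
        n = machines_needed(bits, rate)
        c = attack_cost(bits, rate, monthly)
        y = years_until_affordable(bits, rate, monthly, budget=10_000)
        print(f"{bits:3d}-bit: {n:.3g} machines, ${c:.3g} per attack, "
              f"{y:5.1f} years until a $10,000 attack")
```

Each added key bit doubles the cost, so under the assumed doubling period every extra bit buys roughly 18 more months before the same budget suffices.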



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:49 CDT