Nntp-Posting-Host: gode.ifi.uio.no
From: "Jon \\lnes" <jon@ifi.uio.no>
Subject: Re: Off the shelf cheap DES keyseach machine (Was: Re: Corporate
        acceptance of the wiretap chip)
In-Reply-To: strnlght@netcom.com (David Sternlight)'s message of Thu, 22 Apr
        1993 17:59:12 GMT
Organization: Dept. of Informatics, University of Oslo, Norway
        <1993Apr21.001230.26384@lokkur.dexter.mi.us>
        <C5uvn4.MF7@austin.ibm.com> <strnlghtC5wCMo.Fx5@netcom.com>
Lines: 49
Originator: jon@gode.ifi.uio.no

In article <strnlghtC5wCMo.Fx5@netcom.com> strnlght@netcom.com (David Sternlight) writes:

> In article <C5uvn4.MF7@austin.ibm.com> arussell@austin.ibm.com (AG Russell)
> writes:
> 
> >
> >At the company I worked for previously, I received a file that was des encryped
> >and the person that had sent it, went on vaction.  Rather than wait two weeks
> >I set up a straight frontal attack with one key at a time.  It only took two(2)
> >days to crack the file.  No, I don't have any faith in DES.
> >
> 
> Taking this at face value (though it seems quite dissonant with much else
> that has been published here about brute force DES cracking, unless Russell
> was lucky with respect to the key), I'd be very interested in whether the
> program Russell used is available? In whether he used a cleartext
> recognition algorithm in the program or whether he had to examine each
> decryption by hand? In whether he used a known plaintext attack?
> 
> He probably should also tell us, given his address, what machine he used--a
> desktop, workstation, or super-computer.
> 
> Depending on his answer, this could be an appalling development calling into
> question both DES and RSA/DES. Dunno about RSA/IDEA.
> 
> If any bright programmer with a little idle machine time can crack a single
> DES message in a couple of days (assuming no tricks that are
> message-specific), then here's my Clipper key, NSA; give me the chip at
> once.  :-)
> 
> David
> -- 
> David Sternlight         Great care has been taken to ensure the accuracy of
>                          our information, errors and omissions excepted.  
> 
> 

A person I know, belonging to a research lab of a rivate
company, claimed to me during a priavte conversation that, given the
equipment in his lab, he could crack a Kerberos ticket in 15 minutes to
an hour. He had access to rather powerful DES hardware, but not of an
extraordinare kind, I believe. The attack was possible because of the
amount of known plaintext in the ticket, which itself constitutes a small
message. This was two years ago.
DES is no longer usable for encryption of really sensitive data. For a
lot of purposes, however, it is still very adequate.

Jon Olnes, Norwegian Computing Centre, Oslo, Norway
E-mail: Jon.Olnes@nr.no   or   jon@ifi.uio.no
