RE: Security Use Requirements

[Joshua Tseng <jtseng@NishanSystems.com>]

Ran,

> At 15:20 07/02/01, Joshua Tseng wrote:
> 
> >It's often been said that the only thing worse than NO SECURITY
> >is the ILLUSION of security.  
> 
> Some security keeps the kiddies away, no security doesn't.
> I'd much rather have DES-CBC than nothing, because it visibly
> increases the work function for the adversary.
> 
> >Single DES is known to be cracked.
> 
> That is a false statement.  It hasn't been cracked.  The best
> attack known in the public literature is Biham-Shamir, which 
> requires ~O(2^^56) operations and some non-trivial preconditions.  
> There have been some specific brute-force attacks on DES that worked, 
> but they weren't real-time attacks and required a significant amount 
> of computational power.

Yes, thank you.  Cracked is the wrong word.  Brute-forced is
the term I meant to use.

While we're on the topic of security, my source (Schnieder)
indicates that in 1995, it takes 3.5 hrs average to brute-force
single DES.  They also estimated that by 2000, the CPU power
available would reduce that time to an average of 21 minutes. 
On the other hand, with 128-bit keys (and 3DES has 168-bit keys) 
would still require on the  10**17 years.

This attack doesn't need to happen real-time.  All I need is
a sniffer, and I could do all the attacks offline.  Once I have
the key(s), all your data is mine.

Regardless, your point is well taken.  Some encryption is better
than nothing--in MOST cases.

Josh
> 
> I'm not arguing against 3DES in preference to DES-CBC, but it 
> is just wrong to claim either that DES-CBC is cracked or 
> that running in the clear is better than running with DES-CBC
> (assumes reasonable cryptographic authentication in all cases).
> Note also that my comments are constrained to what is in the 
> published literature...
> 
> Ran
> rja@inet.org
> 
> 
>