Columbia crypto box

[Bill Stewart]

At 11:08 AM 02/13/2003 -0500, Trei, Peter wrote:
> > Pete Chown[SMTP:Pete.Chown at skygate.co.uk]
> > As a footnote to those times, 2 ** 40 is 1,099,511,627,776.  My PC can
> > do 3,400,000 DES encryptions per second (according to openssl).  I
> > believe DES key setup is around the same cost as one encryption, so we
> > should halve this if a different key is being used each time.  Brute
> > force of a 40-bit DES key will therefore take about a week.  In other
> > words 40-bit DES encryption is virtually useless, as brute force would
> > be available to anyone with a modern PC.
> >
>You can actually do much better that that for key set up. To toot my own
>horn, one of the critical events in getting software DES crackers running
>at high speed was my realization that single-bit-set key schedules can
>be OR'd together to produce any key's schedule. Combining this with
>the use of Grey Codes to choose the order in which keys were tested
>(Perry's idea) led to key scheduling taking about 5% of the time budget.

But to further toot Peter's horn here (:-), before Peter's discovery,
or maybe some work by Biham (?) around that time,
at least as far as the public literature knew,
DES key scheduling was substantially slower than the S-box phases of DES,
so not only were general-purpose-computer attacks Moore'sLawfully slower,
but add another factor of 10 or so, and customer hardware crackers
would also need to burn resources on both parts of the algorithm
and therefore take at least twice as much ASIC space unless
extremely carefully managed.  So while modern technology has
made it severely useless, and while it was crippled back then,
it was at least not _as_ crippled as it looks from today's viewpoint.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com