Security Implications of Using the Data Encryption Standard (DES)

Anne & Lynn Wheeler lynn at
Sat Dec 23 15:37:30 EST 2006

from rfc-editor announcement today

4772 I
    Security Implications of Using the Data Encryption Standard (DES), Kelly S., 2006/12/22 (28pp) (.txt=68524) (was draft-kelly-saag-des-implications-06.txt)


The Data Encryption Standard (DES) is susceptible to brute-force attacks, which are well within the reach of a modestly financed adversary.  As a result, DES has been deprecated, and replaced by the
Advanced Encryption Standard (AES).  Nonetheless, many applications continue to rely on DES for security, and designers and implementers continue to support it in new applications.  While this is not always inappropriate, it frequently is.  This note discusses DES security implications in detail, so that designers and implementers have all the information they need to make judicious decisions regarding its use.

... snip ...

rfc 4772 summary


and in the rfc summery, clicking on the ".txt=" field retrieves the actual RFC.

note that there have been (at least) two countermeasures to DES brute-force attacks ...  one is 3DES ... and the other ... mandated for some ATM networks, has been DUKPT. while DUKPT doesn't change the difficulty of brute-force attack on single key ... it creates a derived unique key per transaction and bounds the life-time use of that key to relatively small window (typically significantly less than what even existing brute-force attacks would take). The attractiveness of doing such a brute-force attack is further limited because the typical transaction value is much less than the cost of typical brute-force attack.

... and a little extra in the same announcement:

4732 I
    Internet Denial-of-Service Considerations, Handley M., IAB, Rescorla E., 2006/12/22 (38pp) (.txt=91844) (Refs 1058, 1075, 1112, 2349, 2385, 2439, 2827, 2918, 3261, 3411, 3550, 3618, 3682, 3768, 4251, 4271, 4346, 4566, 4601) (was draft-iab-dos-05.txt)


This document provides an overview of possible avenues for denial-of-service (DoS) attack on Internet systems.  The aim is to encourage protocol designers and network engineers towards designs
that are more robust.  We discuss partial solutions that reduce the effectiveness of attacks, and how some solutions might inadvertently open up alternative vulnerabilities.

... snip ...

rfc 4732 summary

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list