Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site druxy.UUCP Path: utzoo!linus!philabs!seismo!harpo!eagle!mhuxl!ihnp4!drutx!druxy!jas From: jas@druxy.UUCP (ShanklandJA) Newsgroups: net.unix-wizards Subject: Re: DES encryption with encrypt(3C) Message-ID: <905@druxy.UUCP> Date: Thu, 12-Jan-84 18:08:54 EST Article-I.D.: druxy.905 Posted: Thu Jan 12 18:08:54 1984 Date-Received: Fri, 13-Jan-84 07:34:36 EST Organization: AT&T Information Systems Laboratories, Denver Lines: 36 Doug Gwyn writes: The Enigma multi-rotor cipher machine was broken by Allied cryptanalysts. The one-rotor version of crypt(1) is far too vulnerable to entrust critical data to. True. I wrote that Enigma "served the Nazis so well during WWII" entirely tongue in cheek, forgetting that neither tongue nor cheek would make it onto the net. My apologies. It is still better than no encryption at all, and reasonably cheap computationally. The modified DES of crypt(3C) is considerably safer, but even it is theoretically inadequate for the encryption of a large amount of data. No one should rely on ANY of the standard UNIX encryption software to protect life or property. I'm not qualified to discuss just how safe the DES algorithm is. I would be interested in finding out what the methods of attack on DES are, and what kinds of machine resources they require, as well as what some of the alternative methods of encryption are. My guess is that under most circumstances, DES is safe enough that key security becomes the overriding safety issue: i.e., it would be easier to tap a phone line over which the key is transmitted or bribe an employee than to break the code. My original point, other than to point out the bug in encrypt(3C), was that whether or not DES is "theoretically inadequate for the encryption of a large amount of data," it may be *practically inadequate* in that at 4-5 seconds of VAX 780 CPU time per kilobyte of data to be encrypted or decrypted, it requires more computational muscle than many of us can afford to flex. Another way to look at it is that it would take about 60% of the VAX's CPU just to keep up with a 1200 bps modem. -- Jim Shankland ..!ihnp4!druxy!jas