Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 beta 3/9/83; site frog.UUCP Path: utzoo!linus!decvax!genrad!mit-eddie!cybvax0!frog!die From: die@frog.UUCP (Dave Emery) Newsgroups: net.crypt Subject: Has DES been broken Message-ID: <120@frog.UUCP> Date: Fri, 26-Oct-84 23:33:27 EST Article-I.D.: frog.120 Posted: Fri Oct 26 23:33:27 1984 Date-Received: Fri, 2-Nov-84 03:05:27 EST Organization: Charles River Data Systems, Framingham MA Lines: 45 As someone unversed in cryptology I'd like to ask what may seem like a dumb question, does anybody know whether DES has *actually* been broken ? One hears much speculation about "NSA trap doors" and such, and discussion of some work which suggests the effective key length may be slightly shorter than 56 bits, but I am unaware of any account at all of someone having actually derived a method (short of brute force) of breaking DES encoded messages with only approximately (or partially) known plaintext, or even of obtaining the key given a large plaintext and it's equivalent ciphertext (even for block encipherment with a fixed key). Does anybody know of published or unpublished work that establishes a method of breaking DES in a reasonable amount of real time per key other than brute force milling on gigantic arrays of special processors ? Which leads to my second question, how secure should one assume something enciphered under DES really is ? Does current technology permit organizations with the resources of a say a large corporation (or even the mafia) (many millions to spend, but not billions) to break DES using more or less available hardware (large arrays of chips (standard or semi/full custom) or perhaps fast array processors such as the Cray machines) in under a few months per key ? When will we reach this point if we are not already there ? What impact does using double encipherment (DES-DES) or all the various variations (such as cipher chaining or feedback) of using the text being enciphered to permutate an initial key have on security ? I've heard it said that double encipherment doesn't help much ... why is this so ? Is it ever possible to break a DES class cipher without possessing any plaintext/cipher text pairs at all, by using statistical approaches based on knowlage of the properties of the plaintext being transmitted ? -- ---- David I. Emery Charles River Data Systems 983 Concord St. Framingham, MA 01701 Tel: (617) 626-1102 uucp: ...!decvax!frog!die