Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!cmcl2!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: sci.crypt
Subject: Re: An interesting message from SECURITY-DIGEST@RUTGERS
Message-ID: <6536@brl-smoke.ARPA>
Date: Thu, 8-Oct-87 08:11:08 EDT
Article-I.D.: brl-smok.6536
Posted: Thu Oct 8 08:11:08 1987
Date-Received: Sun, 11-Oct-87 01:31:27 EDT
References: <7449@reed.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) )
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 64
Keywords: NSA, DES

In article <7449@reed.UUCP> mdr@reed.UUCP (Mike Rutenberg) writes:
>From: "GLENN EVERHART, 609 486 6328"
>(It IS a federal law that
>no cipher may be used for international traffic that NSA can't break,
>so the permeability of DES follows from reading the relevant US Code
>sections.)

What rubbish. That entire article was written on the assumption that there is an absolute meaning to "breakable", whereas in fact nearly all practical cryptosystems can be cracked SOME of the time but not ALL of the time, depending on "fuzzy" circumstances such as message length, key length, availability of isomorphs, luck with "probable words", amount of time spent in the cryptanalysis, who the cryptanalyst is, availability of collateral information, etc.

Overseas cable traffic has been encrypted for decades. Last I heard, it was against the law for anyone (including NSA) to intercept such communications, but that of course doesn't mean they don't. It's strange how, as comes to light every once in a while, government agencies continually place themselves "above the law". It's a serious problem, in my estimation; if a demonstrably necessary governmental function cannot be accomplished within the law, change the law (probably by repeal of strait-jacketing regulations)!

>2. Recently, someone furnished NSA with an efficient DES breaking
>algorithm. This was said to take 1.5 hrs. on an IBM PC to break a DES
>cipher.

I don't know the source of this information, but there of course can be NO algorithm that is GUARANTEED to crack an ARBITRARY sample of encrypted text in a specified amount of time. Given sufficiently suitable circumstances (see previous comment), 1.5 hours of IBM PC time (properly employed) is sufficient to crack almost any system in practical use; the problem is that there is seldom a guarantee of success for any particular sample of ciphertext.

>Thus, NSA isn't going to certify DES again, at
>least not willingly, because they KNOW it's breakable.

I don't think the NSA certified DES in the first place; NBS did. Certainly NSA knows that nearly any cryptosystem can be cracked under suitable circumstances; why would DES be an exception?

>3. Since DES has proven embarrassingly easy to crack, ...

Funny, it doesn't have that reputation.

>And this is why you see NSA discussing crypto phones etc.

And here I thought it was because they're tasked with communication intelligence, among other things.

>The algorithm is just character XORs with a string. But if you do it
>several times with strings of lengths that are relatively prime,
>couldn't the effective string become the product of the key lengths,
>and quickly grow comparable in size with the original message? Does
>anyone out there know enough cryptography to tell me whether this is
>really a super cheap and strong cipher, or whether it's just a minor
>nuisance for folks who go in for this sort of thing?

It's just a minor nuisance. That's the Vernam system, invented LONG ago and shown to have strength only slightly better than proportional to the SUM, not the PRODUCT, of the subkey lengths.
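
Added example, not part of the original post: a Python check of the "SUM, not PRODUCT" point for repeating XOR subkeys of lengths 3, 5 and 7. The combined key string repeats only every 105 bytes, yet it obeys a linear recurrence of order 3 + 5 + 7 - 2 = 13, so 13 known key-string bytes fix all the rest. The subkeys are constructed sample values and all function names are this example's own; the code also handles lengths that are not relatively prime.

```python
from functools import reduce

def clmul(a, b):
    """Multiply GF(2) polynomials stored as int bitmasks (bit j = x^j)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r

def pdivmod(a, b):
    """Quotient and remainder of GF(2) polynomial division."""
    q = 0
    while a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q, a = q ^ (1 << shift), a ^ (b << shift)
    return q, a

def pgcd(a, b):
    while b:
        a, b = b, pdivmod(a, b)[1]
    return a

def recurrence_poly(lengths):
    """lcm of (x^L + 1) over the subkey lengths; it annihilates the keystream."""
    polys = [(1 << L) | 1 for L in lengths]
    return reduce(lambda p, q: pdivmod(clmul(p, q), pgcd(p, q))[0], polys)

def keystream(keys, n):
    """XOR of the repeating subkeys, i.e. the cipher's effective key string."""
    return bytes(reduce(lambda x, k: x ^ k[i % len(k)], keys, 0) for i in range(n))

def extend(prefix, poly, n):
    """Grow a known keystream prefix to n bytes using the linear recurrence."""
    d = poly.bit_length() - 1
    taps = [j for j in range(d) if poly >> j & 1]
    s = list(prefix[:d])
    while len(s) < n:
        base = len(s) - d
        s.append(reduce(lambda x, j: x ^ s[base + j], taps, 0))
    return bytes(s)

# Constructed sample subkeys with pairwise coprime lengths 3, 5 and 7.
KEYS = [b"abc", b"defgh", b"ijklmno"]
POLY = recurrence_poly([len(k) for k in KEYS])
ORDER = POLY.bit_length() - 1          # 3 + 5 + 7 - 2 = 13
FULL = keystream(KEYS, 105)            # one full period (3 * 5 * 7)
REBUILT = extend(FULL[:ORDER], POLY, 105)

if __name__ == "__main__":
    print(ORDER, REBUILT == FULL)
```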