Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!ptsfa!ihnp4!homxb!mhuxt!mhuxm!mhuxo!ulysses!gamma!pyuxp!pyuxww!sabre!faline!karn
From: karn@faline.bellcore.com (Phil R. Karn)
Newsgroups: sci.crypt
Subject: Re: An interesting message from SECURITY-DIGEST@RUTGERS
Message-ID: <1475@faline.bellcore.com>
Date: Mon, 12-Oct-87 23:14:23 EDT
Article-I.D.: faline.1475
Posted: Mon Oct 12 23:14:23 1987
Date-Received: Thu, 15-Oct-87 01:08:57 EDT
References: <7449@reed.UUCP> <6536@brl-smoke.ARPA> <1410@osiris.UUCP>
Organization: Bell Communications Research, Inc
Lines: 23
Summary: please do sanity checks before posting

> 	I believe the reference to a DES breaking alg was about the hotrod
> IBM PC developed at (I believe) MIT. Basically it's a PC bus with some custom
> hardware to drive a DES chip at high speed. I don't recall the number but it
> can do enough DES permutations fast enough that a brute-force attack on DES
> is no longer out of the question for the key size. I gathered that if it were 
> left going it would be able to do an exhaustive attack in about 3 hours, or
> some reasonably short time.

I really wish people would do simple, back-of-the-envelope sanity checks
before posting things like this. Three hours is 10,800 seconds. There are
2^56 or about 7.2e16 possible DES keys. To do an exhaustive attack in 3 hours
would therefore require each key to be checked in .15 picoseconds (1 picosec
is .001 nanoseconds).  Even if you double this time to allow for only half
of the keys to be checked in an average search, this figure is so far outside
the capabilities of a PC with ANY custom hardware as to be purely bogus.

Of course, this is not to say that someone hasn't found a shortcut
solution to the DES algorithm (highly unlikely, but still possible) or
that somebody cracked a particular encrypted file where the key was an
English word or something else easily "guessed" by an cracker with lots
of word lists.

Phil