Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!hao!oddjob!mimsy!umd5!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: sci.crypt
Subject: Re: Double Des
Message-ID: <6630@brl-smoke.ARPA>
Date: Fri, 30-Oct-87 02:57:23 EST
Article-I.D.: brl-smok.6630
Posted: Fri Oct 30 02:57:23 1987
Date-Received: Wed, 4-Nov-87 06:25:17 EST
References: <1290007@hpcvlo.HP.COM> <3123@ulysses.homer.nj.att.com>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 16

In article <3123@ulysses.homer.nj.att.com> smb@ulysses.homer.nj.att.com (Steven Bellovin) writes:
>They conclude that multiple encryption does offer advantages (enough
>6250 bpi tapes to hold the 2**56 words of storage would cost ~$80e9
>at $20 per tape, and hence is presumably beyond NSA's reach, especially
>since you have to sort the tpaes....).

Hi, Steve!  I hope you were being facetious.  I doubt very much that
NSA would have to resort to "brute force" key searches to crack DES
or any system like it.  If you really believe it would, I'd like to
hear reasons why.  So far in this type of discussion nobody ever has
explained why "brute force" is the only approach considered.

Obviously, if a system can be shown to be insecure against a "brute
force" attack, it is absolutely insecure, but the converse definitely
does not hold in general -- security against brute force does not
guarantee absolute security.