Path: utzoo!mnetor!uunet!husc6!hao!ames!nrl-cmf!cmcl2!rutgers!clyde!bellcore!faline!karn
From: karn@faline.bellcore.com (Phil R. Karn)
Newsgroups: sci.crypt
Subject: Re: Is DES breakable with a known-plaintext attack?
Message-ID: <1736@faline.bellcore.com>
Date: 27 Jan 88 01:59:13 GMT
References: <1449@crlt.UUCP>
Organization: Bell Communications Research, Inc
Lines: 11
Keywords: DES known plaintext
Summary: security of DES for radio login

I assume you're referring to the technique I described.  I was well
aware that its effectiveness depends entirely on the resistance of the
cipher function (DES, in this case) against known-plaintext attack.

DES is supposed to have this property.  All of the attacks I've seen
discussed in the literature assume knowledge of a plaintext/ciphertext
pair. As far as anyone has admitted in the open literature, there is no
way to find the corresponding key in this case other than by trying keys
until one works.

Phil