Path: utzoo!utgpu!water!watmath!clyde!rutgers!im4u!ut-sally!utah-cs!utah-gr!stride!mitch From: mitch@Stride.COM (Thomas Mitchell) Newsgroups: sci.crypt Subject: Re: Crypt() hackers Summary: The unknown qualifications of DES Keywords: DES, des, crypt() Message-ID: <716@stride.Stride.COM> Date: 16 Feb 88 00:43:04 GMT References: <538@ddsw1.UUCP> <8045@eddie.MIT.EDU> <980@sdcc13.ucsd.EDU> <22925@ucbvax.BERKELEY.EDU> Reply-To: mitch@stride.stride.com.UUCP (Thomas Mitchell) Organization: MicroSage, 680 S. Rock Blvd, Reno, NV 89502 Lines: 34 In article <22925@ucbvax.BERKELEY.EDU> wallace@degas.Berkeley.EDU.UUCP (David E. Wallace) writes: >In article <980@sdcc13.ucsd.EDU> ln63wgq@sdcc13.ucsd.edu.UUCP (Keith Messer) writes: >> >>About breaking crypt() ... >(and suggests a technique for breaking DES based on finding boolean >expressions for the output bits in terms of the key, and then simplifying >them)... > >This approach is a nice try - the problem is it's extremely unlikely to >be at all practical. >> DES even now. I am convinced that the algorithm is vulnerable to >> a known-plaintext attack,.. >> Think of the DES purely as a boolean function, and its insecurity >> becomes obvious. ^^^^^^^^ Solution left for the student? Some people believe that the analysis of DES by NSA and others found just such a flaw and that they hold it out as a way that they can break most any given input. It might be of interest to see if he can reduce the DES alg. to a simpler procedure. As I see it the DES is a series of reversible transformations which preserve the data content of the message. These paths or transformations may have a short cut which may present itself when the boolean reduction is finished or partly finished. I guess what I am saying is that if David can reduce DES sufficiently he may be able to generate exhaustive searches fast enough or given the plain text be able to extract the key all with a facility which would make the US and world banking industry cry. Just remember how big a discovery a^2 + b^2 = c^2 was in the correct context, E=mc^2.