Xref: utzoo sci.crypt:1400 comp.unix.wizards:13582 news.sysadmin:1968 Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!ncar!ames!amdcad!sun!pitstop!sundc!seismo!uunet!mcvax!ukc!dcl-cs!aber-cs!pcg From: pcg@aber-cs.UUCP (Piercarlo Grandi) Newsgroups: sci.crypt,comp.unix.wizards,news.sysadmin Subject: Re: Yet Another useful paper Message-ID: <428@aber-cs.UUCP> Date: 18 Dec 88 16:51:23 GMT Reply-To: pcg@cs.aber.ac.uk (Piercarlo Grandi) Distribution: eunet,world Organization: CS Dept., University College of Wales, Aberystwyth, UK (Disclaimer: my statements are purely personal) Lines: 48 In article <4420@xenna.Encore.COM> bzs@Encore.COM (Barry Shein) writes: # >As far as UNIX passwords, it further justifies the use of a shadow # >password file and the use of 64 character pass phrases. # # Why? Because it shows a 20x speedup possibility? Let's do the # arithmetic again... # # [ .... some reassuring arithmetic that DES can't be compromised .... ] It takes a lot to properly answer your posting. Let me say, as numerous other posters will be better able to point out, that there are *many* ways to skin a DES. Even by looking at the non classified, non restricted papers on encryption available, it is clear that breaking a 56 bit key (especially if educated guesses at the potential boundaries on the actual keyspace are made) is not that terribly hard, e.g. by probabilistic techniques... In particular, UNIX password deciphering, where a number of *clever* (whereas you assume brute force) attack techniques have been devised, is now regarded by some as affordable to anybody with large but not truly extraordinary resources. # Let's face it folks, at these fantastic rates the following methods # would be far more effective: # # [ .... the traditional, most effective ways of breaking security .... ] Breaking DES text in general is still quite hard, enough so that cipher breaking is indeed not going to be the weak link in a software+hardware+network security chain. # Dennis, without further justification for your position/conclusion I # claim you're grasping for straws and succumbing to mob mentality. Still, I think that Dennis is not grasping for straws. The most feared danger with any cryptographic technique is that somebody will come up with a clever theorem or a clever hack that chips away at your assumptions about how hard it is to do certain things. This paper in this respect is ominous. Another fact (reliable hearsay actually) that ought to send shivers thru the back of security people is that a 100 decimal digits numbers has been factored without too much fuss. Look into comp.parallel... -- Piercarlo "Peter" Grandi INET: pcg@cs.aber.ac.uk Sw.Eng. Group, Dept. of Computer Science UUCP: ...!mcvax!ukc!aber-cs!pcg UCW, Penglais, Aberystwyth, WALES SY23 3BZ (UK)