From owner-svn-src-all@FreeBSD.ORG Sat Sep 21 11:10:10 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 3488DC28; Sat, 21 Sep 2013 11:10:10 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 08B5028C0; Sat, 21 Sep 2013 11:10:10 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r8LBA9JF049098; Sat, 21 Sep 2013 11:10:09 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r8LBA96W049097; Sat, 21 Sep 2013 11:10:09 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201309211110.r8LBA96W049097@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Sat, 21 Sep 2013 11:10:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r255760 - head/secure/usr.bin/bdes X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Sep 2013 11:10:10 -0000 Author: des Date: Sat Sep 21 11:10:09 2013 New Revision: 255760 URL: http://svnweb.freebsd.org/changeset/base/255760 Log: Replace claims that DES is a strong cryptosystem with a warning stating that it should no longer be considered secure. Approved by: re (gjb) Modified: head/secure/usr.bin/bdes/bdes.1 Modified: head/secure/usr.bin/bdes/bdes.1 ============================================================================== --- head/secure/usr.bin/bdes/bdes.1 Sat Sep 21 10:01:51 2013 (r255759) +++ head/secure/usr.bin/bdes/bdes.1 Sat Sep 21 11:10:09 2013 (r255760) @@ -35,12 +35,12 @@ .\" @(#)bdes.1 8.1 (Berkeley) 6/29/93 .\" $FreeBSD$ .\" -.Dd June 29, 1993 +.Dd September 20, 2013 .Dt BDES 1 .Os .Sh NAME .Nm bdes -.Nd "encrypt/decrypt using the Data Encryption Standard (DES)" +.Nd "encrypt / decrypt using the Data Encryption Standard (DES)" .Sh SYNOPSIS .Nm .Op Fl abdp @@ -51,6 +51,11 @@ .Op Fl o Ar N .Op Fl v Ar vector .Sh DESCRIPTION +.Bf -symbolic +The DES cipher should no longer be considered secure. +Please consider using a more modern alternative. +.Ef +.Pp The .Nm utility implements all @@ -215,22 +220,6 @@ is given in binary or hex, and can be disabled for .Tn ASCII keys as well. -.Pp -The -.Tn DES -is considered a very strong cryptosystem, -and other than table lookup attacks, -key search attacks, -and Hellman's time-memory tradeoff -(all of which are very expensive and time-consuming), -no cryptanalytic methods -for breaking the -.Tn DES -are known in the open literature. -No doubt the choice of keys -and key security -are the most vulnerable aspect of -.Nm . .Sh IMPLEMENTATION NOTES For implementors wishing to write software compatible with this program, @@ -347,16 +336,6 @@ OUT OF THE USE OF THIS SOFTWARE, EVEN IF SUCH DAMAGE. .Ed .Sh BUGS -There is a controversy raging over whether the -.Tn DES -will still be secure -in a few years. -The advent of special-purpose hardware -could reduce the cost of any of the -methods of attack named above -so that they are no longer -computationally infeasible. -.Pp As the key or key schedule is stored in memory, the encryption can be