From owner-freebsd-hackers Wed Apr 16 09:36:24 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA06683 for hackers-outgoing; Wed, 16 Apr 1997 09:36:24 -0700 (PDT) Received: from vinyl.quickweb.com (vinyl.quickweb.com [206.222.77.8]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA06678 for ; Wed, 16 Apr 1997 09:36:20 -0700 (PDT) Received: (from mark@localhost) by vinyl.quickweb.com (8.8.5/8.6.12) id MAA23059; Wed, 16 Apr 1997 12:29:40 -0400 (EDT) Message-ID: <19970416122940.60713@vinyl.quickweb.com> Date: Wed, 16 Apr 1997 12:29:40 -0400 From: Mark Mayo To: Justin Wolf Cc: "'drew@sml.co.jp'" , "'cmcurtin@research.megasoft.com'" , Golan Klinger , "rsacrack@vex.net" , "hackers@freebsd.org" , "deschall@gatekeeper.megasoft.com" Subject: Re: First place. References: <01BC4A44.91B7BAA0@crimson> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.69e In-Reply-To: <01BC4A44.91B7BAA0@crimson>; from Justin Wolf on Wed, Apr 16, 1997 at 08:05:50AM -0700 Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, Apr 16, 1997 at 08:05:50AM -0700, Justin Wolf wrote: > Key size, key size... 56-bits has to do with the key size. DES can easily go to 112-bit triple which would be impossible to crack in any reasonable amount of time, even for the government. At such time where 112-bit triple DES became crackable, people would start using something else anyway, like 224-bit quadruple DES or 1024-bit layered RSA or whatever. There's nothing inherently wrong with DES, just the key size which is currently being allowed for export. As far as symmetric algorithms go, it's pretty good. And if you want to make it more difficult to crack use non-standard techniques within the algorithm (sure it's non-standard and there's a chance you'll break it, but someone would have to figure out that you changed the algorithm first). > > Remember, chose an encryption technique that will protect the data as long as the data needs to be protected. How many times do you think a secret that needs to be protected for eternity is sent over the internet or allowed outside of the two people (or person) involved? It doesn't get emailed, it gets hand couriered. And why should I have to pay for a guy to drive up to my company in a large, fossil fuel burning van just to send confdential data? Do you think it would be hard to hi-jack that guy in the van? Of course not... I want to be able to have private data transfer, to anyone I wish to communicte with.. > > I could go on but, it doesn't really matter anyway. People have opinions which blind them into incoherency. > Well, the one point you're missing is that it has be PROVEN that a VLSI team could build a custom cracking machine (with very modest hardware requirements) that can crack DES in hours... You can be sure the US gov. has one (hell, I would if I were in that position!). The problem is that DES isn't good enough anymore. Now, I do think that the 56-bit RC5 challenge is a different story, since that's a fairly solid algorithm AFAIK - that challenge is a bit pointless IMHO, since increasing the key size makes it damn near impossible to crack. Once again: DES is weak. Of course, it's all pointles since the US gov. won't allow the export of ANY real cryptography, DES or RC5... that's the real issue. Luckily, I'm in Canada and my gov. isn't quite so stupid (although I'm sure they would do something like this if they had DES cracking hardware that they wanted to protect their investment on...). Still, I feel the blow of retarded US crypto laws everytime I do business with a US customer. So, the issue isn't quite so simple, 'nor is the effort pointless. -Mark > -Justin > > -----Original Message----- > From: drew@sml.co.jp [SMTP:drew@sml.co.jp] > Sent: Wednesday, April 16, 1997 12:42 AM > To: Justin Wolf; 'cmcurtin@research.megasoft.com'; Golan Klinger; rsacrack@vex.net; hackers@freebsd.org; deschall@gatekeeper.megasoft.com > Subject: RE: First place. > > >You actually think that DES is too weak when it takes all the > >hackers in the known unix world to stage an attempt which has > >been so far unsuccessful? Hmm... different point of view I guess. > > You actually think that the US government doesn't have at least ten > times the computing power of everyone in this effort put together? > Hell, they've probably got that much computing power just in people's > desktop workstations. The fact is, 56-bit keys are useless when up > against the US Government. > -- ---------------------------------------------------------------------------- Mark Mayo mark@quickweb.com RingZero Comp. http://vinyl.quickweb.com/mark finger mark@quickweb.com for my PGP key and GCS code ---------------------------------------------------------------------------- University degrees are a bit like adultery: you may not want to get involved with that sort of thing, but you don't want to be thought incapable. -Sir Peter Imbert