Xref: cantaloupe.srv.cs.cmu.edu sci.crypt:15744 alt.security.pgp:2623 alt.privacy.clipper:67
Newsgroups: sci.crypt,alt.security.pgp,alt.privacy.clipper
Path: cantaloupe.srv.cs.cmu.edu!rochester!udel!gatech!howland.reston.ans.net!darwin.sura.net!news-feed-1.peachnet.edu!umn.edu!csus.edu!netcom.com!strnlght
From: strnlght@netcom.com (David Sternlight)
Subject: Re: Off the shelf cheap DES keyseach machine (Was: Re: Corporate acceptance of the wiretap chip)
Message-ID: <strnlghtC5wCMo.Fx5@netcom.com>
Organization: DSI/USCRPAC
References: <1993Apr20.192105.11751@ulysses.att.com> <1993Apr21.001230.26384@lokkur.dexter.mi.us> <C5uvn4.MF7@austin.ibm.com>
Date: Thu, 22 Apr 1993 17:59:12 GMT
Lines: 34

In article <C5uvn4.MF7@austin.ibm.com> arussell@austin.ibm.com (AG Russell)
writes:

>
>At the company I worked for previously, I received a file that was des encryped
>and the person that had sent it, went on vaction.  Rather than wait two weeks
>I set up a straight frontal attack with one key at a time.  It only took two(2)
>days to crack the file.  No, I don't have any faith in DES.
>

Taking this at face value (though it seems quite dissonant with much else
that has been published here about brute force DES cracking, unless Russell
was lucky with respect to the key), I'd be very interested in whether the
program Russell used is available? In whether he used a cleartext
recognition algorithm in the program or whether he had to examine each
decryption by hand? In whether he used a known plaintext attack?

He probably should also tell us, given his address, what machine he used--a
desktop, workstation, or super-computer.

Depending on his answer, this could be an appalling development calling into
question both DES and RSA/DES. Dunno about RSA/IDEA.

If any bright programmer with a little idle machine time can crack a single
DES message in a couple of days (assuming no tricks that are
message-specific), then here's my Clipper key, NSA; give me the chip at
once.  :-)

David
-- 
David Sternlight         Great care has been taken to ensure the accuracy of
                         our information, errors and omissions excepted.  


