On Mon, 10 Mar 2003 09:24:42 PST, Jeremy Epstein <jeremy.epsteinat_private> said: > Depends on why you're asking. If you're researching crypto, > sci.crypt.research is probably a better place to ask. If you're worried > about someone attacking our crypto, you're worried about the wrong thing. > Even 56 bit DES is strong enough that an attacker will almost always attack > something else before they attack the crypto. Or as Marcus Ranum called it: "Rubber Hose Cryptography" ;) Yes, the crypto *system* probably has some other weakness (hint: almost nobody does key management correctly - look for post-it notes on monitors). On the other hand, 56bit single-DES is sufficiently weak that it's quite feasible to build a brute-force cracker. The EFF did so several years ago. New code development should be using 3DES or AES or something of equivalent strength. Then go back and look at your key management again.... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Mon Mar 10 2003 - 11:38:23 PST