RE: Security Use Requirements

To: Joshua Tseng <jtseng@NishanSystems.com>
Subject: RE: Security Use Requirements
From: RJ Atkinson <rja@inet.org>
Date: Wed, 07 Feb 2001 16:02:51 -0500
Cc: ips@ece.cmu.edu
Content-Type: text/plain; charset="us-ascii"
In-Reply-To: <B300BD9620BCD411A366009027C21D9B19001B@ariel.nishansystems.com>
Sender: owner-ips@ece.cmu.edu

At 15:20 07/02/01, Joshua Tseng wrote:

>It's often been said that the only thing worse than NO SECURITY
>is the ILLUSION of security.  

Some security keeps the kiddies away, no security doesn't.
I'd much rather have DES-CBC than nothing, because it visibly
increases the work function for the adversary.

>Single DES is known to be cracked.

That is a false statement.  It hasn't been cracked.  The best
attack known in the public literature is Biham-Shamir, which 
requires ~O(2^^56) operations and some non-trivial preconditions.  
There have been some specific brute-force attacks on DES that worked, 
but they weren't real-time attacks and required a significant amount 
of computational power.

I'm not arguing against 3DES in preference to DES-CBC, but it 
is just wrong to claim either that DES-CBC is cracked or 
that running in the clear is better than running with DES-CBC
(assumes reasonable cryptographic authentication in all cases).
Note also that my comments are constrained to what is in the 
published literature...

Ran
rja@inet.org

Follow-Ups:
- RE: Security Use Requirements
  - From: Michael Eisler <mre@zambeel.com>

References:
- RE: Security Use Requirements
  - From: Joshua Tseng <jtseng@NishanSystems.com>

Prev by Date: RE: Security Use Requirements
Next by Date: RE: Security Use Requirements
Prev by thread: RE: Security Use Requirements
Next by thread: RE: Security Use Requirements
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:34 2001
6315 messages in chronological order