|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use RequirementsAt 15:20 07/02/01, Joshua Tseng wrote: >It's often been said that the only thing worse than NO SECURITY >is the ILLUSION of security. Some security keeps the kiddies away, no security doesn't. I'd much rather have DES-CBC than nothing, because it visibly increases the work function for the adversary. >Single DES is known to be cracked. That is a false statement. It hasn't been cracked. The best attack known in the public literature is Biham-Shamir, which requires ~O(2^^56) operations and some non-trivial preconditions. There have been some specific brute-force attacks on DES that worked, but they weren't real-time attacks and required a significant amount of computational power. I'm not arguing against 3DES in preference to DES-CBC, but it is just wrong to claim either that DES-CBC is cracked or that running in the clear is better than running with DES-CBC (assumes reasonable cryptographic authentication in all cases). Note also that my comments are constrained to what is in the published literature... Ran rja@inet.org
Home Last updated: Tue Sep 04 01:05:34 2001 6315 messages in chronological order |