> You are saying that some guy in his basement can break DES?

Hmm, works in my basement... :-)

If ordinary everyday hackers can remotely command tens of thousands
of machines to do distributed denial of service attacks, why can't
they crack DES keys?

Providing 3DES doesn't cost any more than providing DES. CPU cycles
are cheap and depreciating rapidly. But it provides much better security.

> I am not excusing MS; their flaw was misleading the user. Their real mistake
> is that the item should have been labeled '3-DES or DES (export friendly)'.

Well, no. It should tell you what the system really does. It should
have been labeled "DES". The 3DES option should be labeled "3DES". I
know that's a little esoteric for your average programmer, tech
writer, manager, or spook to understand, but security is not for wimps.

By the time Microsoft shipped win2000, of course, there were no laws
that would keep it from using 3DES where it was using DES. They have no
'export control' excuse.

John

[I will also point out that, in practice, 3DES is NOT three times more
expensive than DES. You get to eliminate the final and initial
permutations on the "inside", for one thing, and you can play other
games, too. Besides, in any real application, it turns out even
weakling computers can encrypt far faster than they can usually
produce data to transmit. --Perry, your butting-in-moderator...]