Single DES is obviously a mistake - the "24 hours/$200K"
limit is so closely what it took to crack DES,
using either the EFF's ~$250K cracker or
Distributed.net's internet-based crack,
that it's clearly referring to DES.
Back when DES was _designed_, it was computationally
secure, for values of "short enough time" up to
about 20 years, but no longer.

RSA is only conditionally computationally secure,
because you can choose key lengths -
384-bit keys are crackable, 1024-bit keys are not.
3DES keys are long enough; Skipjack keys aren't quite.
But even 3DES and Rijndael are crackable if you pick your password
out of a small dictionary.

The "Very Weak" category includes the "Buy Ian Lunch" attack,
which works for the GSM A5 algorithms,
and a few variants like the "Buy Rivest or Shamir Dinner" attack
for somewhat stronger algorithms (the $20K includes
you flying to Boston or Israel while they work on the problem),
or the "Buy Me Coffee" attack for much weaker problems :-)

At 11:11 AM 1/3/01 -0500, John Young wrote:
>A cipher is Computationally Secure (CS) if it cannot 
>be broken by systematic analysis with available
>resources in a short enough time to permit
>exploitation. Examples: DES and 3 DES.
>
>A cipher is Conditionally Computationally Secure
>(CCS) if the cipher could be implemented with keys
>that are not quite "long enough" or with not quite
>"enough" rounds to warrant a CS rating. Examples:
>SKIPJACK and RSA.
>
>A Weak (W) cipher can be broken by a brute force
>attack in an acceptable length of time with an
>"affordable" investment in cryptanalytic resources
>(24 hours and $200K). No examples.
>
>A Very Weak (VW) cipher is one that can be broken
>by determining the key systematically in a short
>period of time with a small investment (8 hours
>and $20K). No examples.
>

                                Thanks! 
                                        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

Reply via email to