The Use of 56-Bit Keys
With a key length of 56 bits, there are 256 possible
keys, which is approximately 7.2 x 1016. Thus, on the face of it, a
brute-force attack appears impractical. Assuming that, on average, half the key
space has to be searched, a single machine performing one DES encryption per
microsecond would take more than a thousand years (see Table 2.2) to break the cipher.
However, the assumption of one encryption per microsecond is
overly conservative. As far back as 1977, Diffie and Hellman postulated that the
technology existed to build a parallel machine with 1 million encryption
devices, each of which could perform one encryption per microsecond [DIFF77]. This would
bring the average search time down to about 10 hours. The authors estimated that
the cost would be about $20 million in 1977 dollars.
DES finally and definitively proved insecure in July 1998, when
the Electronic Frontier Foundation (EFF) announced that it had broken a DES
encryption using a special-purpose "DES cracker" machine that was built for less
than $250,000. The attack took less than three days. The EFF has published a
detailed description of the machine, enabling others to build their own cracker
[EFF98]. And, of
course, hardware prices will continue to drop as speeds increase, making DES
virtually worthless.
It is important to note that there is more to a key-search
attack than simply running through all possible keys. Unless known plaintext is
provided, the analyst must be able to recognize plaintext as plaintext. If the
message is just plain text in English, then the result pops out easily, although
the task of recognizing English would have to be automated. If the text message
has been compressed before encryption, then recognition is more difficult. And
if the message is some more general type of data, such as a numerical file, and
this has been compressed, the problem becomes even more difficult to automate.
Thus, to supplement the brute-force approach, some degree of knowledge about the
expected plaintext is needed, and some means of automatically distinguishing
plaintext from garble is also needed. The EFF approach addresses this issue as
well and introduces some automated techniques that would be effective in many
contexts.
Fortunately, there are a number of alternatives to DES, the
most important of which are AES and triple DES, discussed in Chapters 5 and 6, respectively.
No comments:
Post a Comment