Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: lists.freeswan.org > 1998-fall > 98 > 120278.html (Request Expert lists.freeswan.org Support)

linux-ipsec: DES and DES-X in 0.91 docs? Think and then: again!

From: Martin Sauer <Martin.Sauer(at)mr.anzeiger.net>
Date: Mon Dec 07 1998 - 03:40:53 EST


Hi there,

just read the comments on des in [SOURCE]/doc of version0.91. To be honest: IMHO DESX does not "blow brute-force search out of the water ...". Why? Let´s see...

1.) DESX is by no means significantly more complex than DES. Therefore the time needed to crack DESX should not increase (even with brute force). 2.) DESX implies something like a security by obscurity: the attacker does not know, if brute-force was successful, because he does not recognize plaintext. Wrong! First off you imply the attacker chose a known-plaintext attack. He does not need to (it depends on the prey´s scenario). Second, plaintext has some characteristics encrypted text has not. Encrypted text appears to be a random text. Any random number tests will report an encrypted text (a strong algorithm) as a random text. Plaintext will in almost no case be reported as random text. (XOR does not change it!) This is an example for a condition telling an attacker he was, or will be successfull... Furthermore: in almost all cases plain text is limited in its set of characters. Even though if a text appears random, its limited set of characters indicates plaintext (XOR is a bijektiv function, which does not change it).

[Lots more, but I hope you understood my headache with this statement in the des-docu ...]

;-) Just start reading a book like "applied cryptography" by Bruce Schneier. It clears things up and offers some quite useful hints, e. g. special modified S-boxes for DES and therefore DES3. While DESX will not stop any DES-attacker from being successful, modified DES will at least spoil the efforts of attackers with minor or medium competence, in best case it could also stop attackers with high competence (You won´t stop maximum competence - N SA, M OSSAD, the like - just by using strong encryption. For them you need much more... [but we will improve ;-)])

Sicerly

Martin


We are Linux. Remove your software and surrender your hard drives. We will add compatibility with your file systems to our own. Your computers will adapt to service you better. Resistance is futile.
Received on Mon Dec 7 04:32:27 1998

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:09 EDT

Do you need help?X
Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library