Re: Some questions on DES Encryption...

On Mon, Mar 10, 2003 at 01:53:29PM -0500, Jack Lloyd wrote:
> On 8 Mar 2003, Kryptik Logik wrote:

If all you have to go on is a single plaintext-ciphertext pair, then in the worst case, this is correct. DES uses a 56-bit key, but there is a symmetry between keys which allows you to only test every second key.

In the average case, you will need to perform about 2^54 trial decryptions before you will find the real key.

> > I read some where that it is quite resistant requiring 2^55 plain texts

Differential cryptanalysis is bad, but not that bad (If you're storing 2^55 blocks, then you may as well be doing exhaustive search).

The best differential attack requires having 2^47 known plaintext/ciphertext pairs (2^47 * 2 * 64 bits = 2^51 bytes = 2 petabytes) and takes roughly 2^47 operations to compute.

DES is quite resistant to differential attacks, thanks largely to the specific structure of its S-boxes. It is believed (proven?) that the NSA designed, or at least tweaked, the S-boxes long before the academic world discovered this attack.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

There is also a linear attack which requires (I believe) only 2^43 known pairs (256 terabytes of storage) and 2^43 operations to compute; but DES was never designed to be particularly resiliant against linear cryptanalysis.

> In any case, I don't think secprog@ is the right place for questions like

Agreed.

Ian Clelland
<ian@veryfresh.com> Received on Mon Mar 10 18:03:53 2003