Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!crabapple.srv.cs.cmu.edu!fs7.ece.cmu.edu!europa.eng.gtefsd.com!howland.reston.ans.net!usenet.ins.cwru.edu!magnus.acs.ohio-state.edu!jebright
From: jebright@magnus.acs.ohio-state.edu (James R Ebright)
Subject: Re: 80-bit keyseach machine
Message-ID: <1993Apr21.075358.24588@magnus.acs.ohio-state.edu>
Sender: news@magnus.acs.ohio-state.edu
Nntp-Posting-Host: top.magnus.acs.ohio-state.edu
Organization: The Ohio State University
References: <1993Apr20.192105.11751@ulysses.att.com> <1993Apr21.001230.26384@lokkur.dexter.mi.us> <16BB71018.C445585@mizzou1.missouri.edu>
Date: Wed, 21 Apr 1993 07:53:58 GMT
Lines: 47

In article <16BB71018.C445585@mizzou1.missouri.edu> C445585@mizzou1.missouri.edu (John Kelsey) writes:
>In article <1993Apr21.001230.26384@lokkur.dexter.mi.us>
>scs@lokkur.dexter.mi.us (Steve Simmons) writes:
> 
>>Normally I'd be the last to argue with Steve . . . but shouldn't that
>>read "3.8 years for *all* solutions".  I mean, if we can imagine the
>>machine that does 1 trial/nanosecond, we can imagine the storage medium
>>that could index and archive it.
> 
>   Hmmmm.  I think, with really large keyspaces like this, you need to
>alter the strategy discussed for DES.  Attempt decryption of several
>blocks, and check the distribution of the contents.  I don't think it's
>at all feasible to keep 2**80 encryptions of a known plaintext block on
>*any* amount of tape or CD-ROM.  And certainly not 2**128 such encrypted
>blocks.  (Anyone know a cheap way of converting every atom in the solar
>system into a one bit storage device?)
[...]

I don't claim to be a crypto analyst... there isn't a whole lot of good
literature on the subject, and the best people don't seem to publish
their work :)  but I rather doubt the approach such folks use is brute
force (sorry to have implied that in my previous post).  The history
of these things is folks find clever ways of limiting the search and
bang from there.

I guess my real problem with Skipjack is I cannot believe NSA would
make publicly available a system they couldn't break if they wanted...
it just isn't in their charter.  Remember DES came from IBM, not NSA
and, when first published, was given a useful life of 20 years... I think
we are well past that point now :(

Remember, based on the size of the NSA budget, they spend a lot more
on the technology of decryption than most computer companies spend on
R&D.  I have to imagine their stuff is real interesting...

A friend who once worked for them (he is dead now) said he always enjoyed
monitoring SAC's (Strategic Air Command) crypto traffic :)  and I rather
suspect that stuff is a bit more complex than Skipjack  (Or was it the
military got the stuff from the NSA just like we get Skipjack from them ;)
[BTW, folks, NSA wasn't being given the keys.  And the Walker spy case
shows for some of the systems, the KGB didn't need them either.]

-- 
 Information farming at...     For addr&phone: finger             A/~~\A
 THE Ohio State University  jebright@magnus.acs.ohio-state.edu   ((0  0))____
      Jim Ebright             e-mail: jre+@osu.edu                 \  /      \
                          Support Privacy: Support Encryption      (--)\      
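
An added example, not part of the original post: the strategy described in the quoted text (decrypt several blocks under each candidate key and check whether the output looks like plaintext, with no stored table of encryptions) run on a constructed toy cipher. The 16-bit key space, the SHA-256 keystream cipher, the key 0xBEEF, the sample text and the printable-ASCII test are all assumptions made so the search finishes in seconds.

```python
import hashlib

BLOCK = 8        # bytes per block, as in a 64-bit block cipher
KEY_BITS = 16    # toy key size (assumption); the thread is about 80 bits

def keystream(key, index):
    """Toy stand-in cipher: first 8 bytes of SHA-256(key || block index)."""
    seed = key.to_bytes(2, "big") + index.to_bytes(4, "big")
    return hashlib.sha256(seed).digest()[:BLOCK]

def crypt_block(key, index, block):
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(block, keystream(key, index)))

def encrypt(key, plaintext):
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    return [crypt_block(key, i, b) for i, b in enumerate(blocks)]

def looks_like_text(block):
    """Crude distribution check: every byte is printable ASCII."""
    return all(32 <= b <= 126 for b in block)

def search(cipher_blocks, n_blocks):
    """Return every key whose trial decryption of the first n_blocks
    passes the check. Nothing is stored per key, only the survivors."""
    survivors = []
    for key in range(1 << KEY_BITS):
        if all(looks_like_text(crypt_block(key, i, cipher_blocks[i]))
               for i in range(n_blocks)):
            survivors.append(key)
    return survivors

# Constructed sample data for the example.
TRUE_KEY = 0xBEEF
PLAINTEXT = b"The quick brown fox jumps over the lazy dog."
CIPHERTEXT = encrypt(TRUE_KEY, PLAINTEXT)

if __name__ == "__main__":
    for n in (1, 2, 4):
        found = search(CIPHERTEXT, n)
        print(f"{n} block(s) checked: {len(found)} candidate key(s) survive")
    # A wrong key passes one 8-byte block with probability (95/256)**8,
    # so one block leaves a handful of false positives out of 65536 keys;
    # each extra block multiplies that chance by the same factor.
```

The survivor count after one block is what makes "several blocks" necessary: the per-key false-positive rate has to be pushed well below one over the key-space size before the check identifies a key.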
