DES
Click on the red underlined text to get to the source
...
This document describes the use of the DES Cipher algorithm in Cipher
Block Chaining Mode as a confidentiality mechanism ...
... As specified in this memo, DES-CBC is not an authentication
mechanism. [Although DES-MAC, described in [Schneier96] amongst other
...
... Schneier96] amongst other
places, does provide authentication, DES-MAC is not discussed here.]
...
...
Phil Karn has tuned DES-CBC software to achieve 10.45 Mbps with a 90
MHz Pentium, scaling to 15.9 Mbps with a 133 MHz Pentium. Other DES
...
... Phil Karn has tuned DES-CBC software to achieve 10.45 Mbps with a 90
MHz Pentium, scaling to 15.9 Mbps with a 133 MHz Pentium. Other DES
speed estimates may be found in [Schneier96].
...
... recover a key/cost per key recovered for 40-bit and 56-bit DES keys,
based on late 1995 estimates.
...
... While a brute force search of a 56-bit DES keyspace can be considered
infeasable for the so-called casual hacker, who is simply using spare
CPU cycles ...
...
For example, for a cost of $300,000, a 56-bit DES key can be
recovered in an average of 19 days using off-the-shelf technology and
in only 3 hours using a custom developed chip.
...
...
[Wiener94] also discusses a $1M machine which can break a DES key in
3.5 hours (1993 estimates), using a known-plaintext attack ...
...
As of this writing, there are no known issues which preclude the use
of the DES-CBC algorithm with any specific authentication algorithm.
...
... Users need to understand that the quality of the security provided by
this specification depends completely on the strength of the DES
algorithm, the correctness of that algorithm ...
... plaintext-ciphertext pairs, where the size of a pair is the size
of a DES block (64 bits). [Matsui94] demonstrated a linear
cryptanalysis ...
...
More disturbingly, [Wiener94] has shown the design of a DES cracking
machine costing $1 Million that can crack one key every 3.5 hours.
This is an extremely practical attack ...
...
One or two blocks of known plaintext suffice to recover a DES key.
Because IP datagrams typically begin with a block of known and/or
...
...
It is suggested that DES is not a good encryption algorithm for the
protection of even moderate value information in the face of such
...
... encryption algorithm for the
protection of even moderate value information in the face of such
equipment. Triple DES is probably a better choice for such purposes.
...
... privacy provided
by use of ESP DES-CBC in the Internet environment is far greater than
sending the datagram ...
... Bellovin, S., "An Issue With DES-CBC When Used Without Strong Integrity", Presentation at the 32nd Internet Engineering Task Force, Danvers Massachusetts, April 1995. ...
... US National Bureau of Standards, "DES Modes of Operation", Federal Information Processing Standard (FIPS) Publication 81, December 1980, http://www.itl.nist.gov/div897/pubs/fip81.htm. ...
... Matsui, M., "Linear Cryptanalysis method for DES Cipher", Advances in Cryptology -- Eurocrypt '93 Proceedings, Berlin: Springer-Verlag, 1994. ...
... Wiener, M.J., "Efficient DES Key Search", School of Computer Science, Carleton University, Ottawa, Canada, TR-244, May 1994. Presented at the Rump Session ...
...
Much of the information provided here originated with various ESP-DES
documents authored by Perry Metzger and William Allen Simpson,
especially the Security Considerations ...
...
This document is also derived in part from previous works by Jim
Hughes, those people that worked with Jim on the combined DES-
CBC+HMAC-MD5 ...