Firewall Wizards mailing list archives
Re: R: strong encryption for Europeans
From: lum () infoexpress com
Date: Tue, 25 Nov 1997 08:59:19 +0000
Hello Ming,

As is the case with all network security, one of the primary objectives of VPNs is to make attacks impractical, especially in comparison to other methods that are available.

For instance, simple calculation shows that the number of computers required to crack a 56 bit DES key in a "reasonable amount of time" would require over 10,000 Pentium II 300MHz calibre computers for a month. This assumes that half the keyspace needs to be searched, all computers are calculating day and night, and each computer cracks about 1.3 million keys per second. Assuming that the prorated cost of the computing time is 3% per $3000 computer for the month, this comes out to $900,000 per successful attack.

It's worth noting that because the information is encrypted, it isn't known whether the information will be useful until after it's been cracked. Imagine spending that much effort to retrieve an e-mail starting with, "Subject: Health plan update...".

Also, cracking illicit data is harder than the DES challenge data because support must be obtained covertly. I don't think it would be that easy to muster up support from an IS department to secretly crack illicit data on the scale required.

In contrast, here are some other means of obtaining similar data:

1. Tapping analog phone lines at the corporate site
2. Tapping leased lines that interconnect corporate WAN sites
3. Using emr sniffers to monitor keystrokes
4. Hacking the telco's switch
5. Hacking the company's switch
6. Surreptitiously obtaining a password from an employee
...... etc.

All of these will obtain similar information at a much lower cost than cracking 56 bit encryption.

For the record, I think that the US government's stance on exportable cryptography is as damaging and ludicrous as anyone else... probably more than most considering what we do.

Nonetheless, when the US raised the bar from 40 bit to 56 bit encryption, exportable cryptography became practical if not ideal, especially in comparison to other techniques for illicitly obtaining information.

A final note is that the effectiveness of the encryption method also depends on its use. For site to site VPNs, longer keys are necessary because more data is transferred over the same key than are remote user VPN, where the amount of data transferred per key is relatively small. Both types of VPNs, however, can change keys periodically in order to minimize the number of bytes transferred per key, resulting in a higher cost per attack.

Regards,
Stacey Lum
InfoExpress, Inc.
415.969.9609
Once upon a time, Chris Lonvick wrote:

Hello Ming,

They were not exactly attacks. These were a set of challenges offered by RSA Labs (with prizes).

http://www.rsa.com/rsalabs/97challenge/
http://www.rsa.com/rsalabs/97challenge/html/status.html
http://www.frii.com/~rcv/deschall.htm (winner of DES)
http://rc5.distributed.net/ (winner of RC5-32/12/7)

For those that don't wish to follow the URLs,

Challenge                   time to crack   Prize
RC5-32/12/5 (40bit key)     3.5 hrs         US$ 1,000.
RC5-32/12/6 (48bit key)     313 hrs         US$ 5,000.
DES (56bit key)             140 days        US$10,000.
RC5-32/12/7 (56bit key)     265 days        US$10,000.

(And there's US$90,000. in prize money left in the other challenges.)

Later,
Chris Lonvick
Cisco Systems Corporate Consulting
Houston, TX, USA
+1.713.778.5663

At 06:03 PM 11/24/97 -0500, Ming Lu wrote:

Franco: I would like to see reports regarding these successful attacks. I could not find them at CERT. TIA.

On Mon, 24 Nov 1997, Franco RUGGIERI wrote:

Recently (June and October this year), attacks have been successfully accomplished against DES and RC5 65 bit, by a huge number of computers coordinated via Internet. Since participation in such effort was voluntary, I wouldn't define such coordination as *strict*. Thus, we can assume that a well determined organization would break codes based on keys up to 56 bit in a reasonable amount of time. Therefore I wouldn't recommend VPNs based on such systems (RCx, DES and the likes with *short*keys), unless for what I would dub *minor areas* and for not long lasting applications. This, of course, IMHO. I would appreciate comments (not flames!) on this viewpoint of mine.

-------------------------------
Franco RUGGIERI
fruggieri () selfin net

[snip]

_ming
Regards, Stacey Lum InfoExpress
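
The cost estimate and the rekeying argument in the message above, carried through as an added worked example (not part of the original post). The per-machine rate, machine price and 3% prorating are the figures quoted in the message; the 30-day month and the traffic volumes per key are constructed assumptions, and the function names are illustrative.

```python
import math

# Figures quoted in the message
KEYS_PER_SEC = 1.3e6      # keys tested per second per machine
MACHINE_PRICE = 3000.0    # dollars per machine
MONTHLY_RATE = 0.03       # prorated share of the machine price per month

# Assumption: a 30-day month of round-the-clock computation
SECONDS_PER_MONTH = 30 * 24 * 3600


def machines_needed(key_bits, months=1.0):
    """Machines required to search half the keyspace within `months`."""
    expected_keys = 2 ** (key_bits - 1)
    budget_per_machine = KEYS_PER_SEC * SECONDS_PER_MONTH * months
    return math.ceil(expected_keys / budget_per_machine)


def attack_cost(key_bits, months=1.0):
    """Prorated dollar cost of one expected-case key recovery."""
    return machines_needed(key_bits, months) * MACHINE_PRICE * MONTHLY_RATE * months


def cost_per_megabyte(key_bits, bytes_per_key):
    """Attacker's cost per MB of plaintext when one key protects bytes_per_key."""
    return attack_cost(key_bits) / (bytes_per_key / 1e6)


if __name__ == "__main__":
    for bits in (40, 48, 56):
        print(f"{bits}-bit: {machines_needed(bits):>6} machines, "
              f"${attack_cost(bits):,.0f} per key")

    # Constructed traffic volumes: the same site-to-site link, rekeyed at
    # different intervals, and a short remote-user session.
    scenarios = {
        "site-to-site, one key per 10 GB": 10e9,
        "site-to-site, rekey every 100 MB": 100e6,
        "remote user, 5 MB per session key": 5e6,
    }
    for name, volume in scenarios.items():
        print(f"{name}: ${cost_per_megabyte(56, volume):,.0f} per MB recovered")
```

Each recovered key costs the same to find, so shrinking the volume of data protected by one key raises the attacker's cost per megabyte in direct proportion.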